LaoBlog

Mageia 7 and LDAP authentication


I want to let the LDAP user foo log in on my Mageia 7 computer. The working LDAP server is on another Linux box. Usually you can use the drakconf utility in MCC to change the way a user authenticates on a Mageia PC. Unfortunately there is an old bug which hasn't been solved yet (I remember I had that when I migrated from Mageia 5 to Mageia 6). Well, not everything is lost.

First of all, follow the usual procedure to enable LDAP through drakconf: this way all the needed packages get installed. You can also try to configure LDAP authentication there, but you will probably see that it doesn't work.

Next we need to edit the file /etc/openldap/ldap.conf and set the parameters BASE and URI (the IP of your LDAP server) according to your server. Something like this:

    BASE    dc=example,dc=com
    URI     ldap://192.168.1.1:389

If you don't use encryption through SSL certificates, leave everything else as it is.

The commands "ldapsearch -x" and "getent passwd foo", where foo is the name of a user in our example, will tell you whether the Mageia PC is able to contact the LDAP server on the other computer.

Next, the most important file: /etc/pam.d/system-auth. First of all, make a copy of it. BEWARE: in case of errors you'll find yourself locked out of your PC: follow my instructions at your own risk. In the worst case you'll need to reinstall the operating system, if you aren't able to use a live distribution to correct the errors.

Drakconf isn't able, for unknown reasons, to change the content of /etc/pam.d/system-auth, therefore we need to edit it by adding the following lines where appropriate:

    auth        sufficient    pam_ldap.so use_first_pass
    account     sufficient    pam_localuser.so
    account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
    password    sufficient    pam_ldap.so use_authtok
    session     optional      pam_ldap.so

DO NOT COPY AND PASTE THIS AS IT IS!! You must copy the first line among the other lines beginning with the word "auth", the second line among the other lines beginning with the word "account", and so on. NOTE: the above lines must be written in the respective section of the file, before pam_deny.so and after pam_unix.so. For example, for the "auth" section it should look like:

    auth    [success=3 default=ignore]      pam_unix.so nullok_secure
    auth    [success=1 default=ignore]      pam_ldap.so use_first_pass
    # here's the fallback if no module succeeds
    auth    requisite                       pam_deny.so

You can now open a TTY and try to log in with the LDAP user. If you still can't log in, re-read the instructions carefully and retry. It can also be that you have omitted installing a needed package (nsswitch? nslcd?...).

I really hope Mageia can fix this long-standing, annoying and blocking bug very soon; we have already waited far too long. If you want, you can file a bug report on Mageia's Bugzilla: https://bugs.mageia.org/describecomponents.cgi?product=Mageia
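Since a wrong edit of system-auth locks you out, here is a small helper (added for this post, not part of Mageia or drakconf) that inserts the lines above into each section right after its last pam_unix.so line and refuses to touch a section whose layout is not the one described (no pam_unix.so, or pam_deny.so already before it). The SAMPLE file is constructed for the demonstration; run the script on a copy of your own system-auth and diff the output before installing it.

```python
import sys
LDAP_LINES = {  # the lines the post adds, keyed by PAM type, in the post's order
    "auth": ["auth        sufficient    pam_ldap.so use_first_pass"],
    "account": ["account     sufficient    pam_localuser.so",
                "account     [default=bad success=ok user_unknown=ignore] pam_ldap.so"],
    "password": ["password    sufficient    pam_ldap.so use_authtok"],
    "session": ["session     optional      pam_ldap.so"],
}

SAMPLE = """\
# constructed sample in the Fedora/Mageia layout, not a copy of any real file
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so
account     required      pam_unix.so
account     required      pam_permit.so
password    sufficient    pam_unix.so sha512 shadow nullok use_authtok
password    required      pam_deny.so
session     required      pam_unix.so
"""

def _type_of(line):  # PAM type of a stanza line; None for blanks and comments
    s = line.strip()
    return None if not s or s.startswith("#") else s.split()[0]

def add_ldap_to_system_auth(text):
    """Insert LDAP_LINES right after each section's last pam_unix.so line; raise
    instead of guessing when the layout is not the post's (that is the lockout case)."""
    lines = text.splitlines()
    for ptype, new_lines in LDAP_LINES.items():
        idx = [i for i, l in enumerate(lines) if _type_of(l) == ptype]
        if any("pam_ldap.so" in lines[i] for i in idx):
            continue  # already configured: re-running must not duplicate lines
        unix = [i for i in idx if "pam_unix.so" in lines[i]]
        if not unix:
            raise ValueError(f"no pam_unix.so line in the '{ptype}' section")
        anchor = unix[-1]
        if any("pam_deny.so" in lines[i] for i in idx if i < anchor):
            raise ValueError(f"pam_deny.so precedes pam_unix.so in '{ptype}'")
        lines[anchor + 1:anchor + 1] = new_lines
    return "\n".join(lines) + "\n"

def modules(text, ptype):
    """Module names of one section in order, to eyeball unix -> ldap -> deny."""
    return [next(t for t in l.split() if t.endswith(".so"))
            for l in text.splitlines() if _type_of(l) == ptype]

if __name__ == "__main__":  # python3 pam_ldap.py /path/to/a/COPY/of/system-auth
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    sys.stdout.write(add_ldap_to_system_auth(src))
```

The helper only handles the layout the post describes; if your file uses "include" lines or a different module order, it stops with an error and you edit by hand as above.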