LDAP-UX Client Services B.05.00 Administrator's Guide
If you are using anonymous access (determined by the value of the credentialLevel attribute
in the configuration profile), try searching the directory for the information of one of your
users with a command like the following:
./ldapsearch -h servername -b "o=hp.com" uid=username
using the name of your directory server (from display_profile_cache), search base
DN (from display_profile_cache), and a user name from the directory.
You should get output similar to the previous example. If you don't, anonymous access may
not be configured properly. Make sure you have access permissions set correctly for
anonymous access. See the steps "Configure anonymous access" and "Set access permissions
for anonymous access" in Section 2.4.4 (page 65) for details on configuring anonymous
access.
• Enable PAM logging as described in Section 5.18.2 (page 189), then try logging in again. Check
the PAM logs for any unexpected events.
• Enable LDAP-UX logging as described in Section 5.18.1 (page 189), then try logging in again.
Check the log file for any unexpected events.
• If you are using HP-UX Directory Server, use the Directory Server Console to authenticate
to the directory as the directory administrator. Check the ACIs for the proxy user. Make
sure the proxy user or anonymous can view the attributes listed below. If not, change
the ACI to allow this. Make sure all users can read their own information. If they cannot,
change the ACI to allow this.
Make sure all users have the following attributes and can read them:
— cn
— loginshell
— uid
— uidnumber
— gidnumber
— memberuid
— homedirectory
— gecos
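The attribute check above can be scripted against ldapsearch output. The following is an added example, not part of this guide: a POSIX shell function (hypothetical name missing_attrs) that reads LDIF on standard input and reports which of the listed attributes were not returned. The sample entry is constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the LDAP-UX guide). Intended use, with the bind
# identity whose ACIs you are testing (anonymous or the proxy user):
#   ./ldapsearch -h servername -b "o=hp.com" uid=username | missing_attrs $REQUIRED

# Attribute list from the guide. Note: RFC 2307 defines memberuid on
# posixGroup entries, so check it against a group entry as well.
REQUIRED="cn loginshell uid uidnumber gidnumber memberuid homedirectory gecos"

# missing_attrs ATTR...  (LDIF on stdin)
# Prints, space separated, the required attributes that never appear.
missing_attrs() {
    awk -v want="$*" '
        BEGIN { n = split(tolower(want), req, " ") }
        # Lines starting with a space are folded continuations of the
        # previous value; lines starting with "#" are comments. Neither
        # introduces an attribute, so text inside them is ignored.
        /^[ #]/ { next }
        /^[A-Za-z]/ {
            name = $0
            # Drop everything from the first ";" (attribute option) or
            # ":" (value, also covers "::" base64 values).
            sub(/[;:].*$/, "", name)
            # LDAP attribute names are case-insensitive.
            seen[tolower(name)] = 1
        }
        END {
            out = ""
            for (i = 1; i <= n; i++)
                if (!(req[i] in seen))
                    out = out (out == "" ? "" : " ") req[i]
            print out
        }'
}

# Constructed sample: loginShell is absent (as if an ACI hid it), and the
# string "loginShell:" appears only inside a folded description value.
SAMPLE_LDIF='dn: uid=jdoe,ou=People,o=hp.com
cn: Jane Doe
uid: jdoe
uidNumber: 1001
gidNumber: 100
homeDirectory: /home/jdoe
gecos:: SmFuZSBEb2U=
description: a long value that the server folded
 onto a second line with loginShell: in it'

printf '%s\n' "$SAMPLE_LDIF" | missing_attrs $REQUIRED   # loginshell memberuid
```

An empty result means every listed attribute was returned to the identity that ran the search.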
192 Administering LDAP-UX Client Services