Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Anonymous_User Absent Member.
Absent Member.

LUM use - Guts of nam.conf

Can someone tell me what nam is doing to communicate with edir via
settings in nam.conf? I'm interested in what credentials nam is using to
authenticate to edir after LUM is configured. In nam.conf we specify the
IP of a valid LDAP server for the preferred-sever entry and a valid admin
account for the adminFDN entry. When LUM is originally configured the
admin password is specified, but is that stored somewhere for later use -
or is that only used during LUM configuration?

Also, it appears PUBLIC is used to allow LUM to function properly (if no
proxy account is specified in nam.conf). But the LDAP Server Group our
LDAP server is in has been configured to use a proxy account (not a real
account with a password - a proxy acount with a blank password). When
that LDAP server is contacted by nam what account is used to communicate
with edir? The Public user; or the proxy account specified in the Server
Group settings...?

We're seeing LUM break - no edir accounts showing from a 'getent passwd'
and wondering if monkeying with LDAP Server Group settings has any bearing
on this. We are not specifying a proxy user in nam.conf.


Labels (2)
1 Reply
Anonymous_User Absent Member.
Absent Member.

Re: LUM use - Guts of nam.conf

I do understand the pam_nam module relies on nam.conf, but it seems an IP
of an edir server and just an administrative username in nam.conf is
insufficent for proper authentication.

I've been reading how heavily the Public user is involved; it's granted
read/compare rights to an number of attributes when LUM is configured, but
WHAT actual credentials are used by PAM to yack with edir is confusing me:
the Public user, or the proxy account specified in the LDAP Server Group,
or the admin account specified in the nam.conf file...

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.