On Thu, Jun 13, 2002 at 04:07:30PM -0700, David Wright wrote:
|
| Looking over your files, I see quite a few problems:
|
| 1) You need to configure nss_ldap.conf as well as pam_ldap.conf.
Umm, I don't have that ... I need to install libnss-ldap ... that
really helps :-).
| 2) The lines in nsswitch.conf should really be "files ldap" not "ldap
| files", i.e. local data takes precedence.
You're right. I think the howtos I read had it reversed (and they
were meant for RH, of course).
| 3) You need to tell pam.d/login to use the same password for pam_unix that
| it tried to use for pam_ldap:
| auth sufficient pam_ldap.so
| auth required pam_unix.so nullok try_first_pass
Hmm, ok. The docs I read didn't mention that.
| 4) In pam_ldap.conf, it's best not to bind as anyone.
Right. When all else fails, it doesn't hurt to try.
| pam_ldap will attempt to bind with the given password and that will
| be the test. You'll need to use
| pam_password exop
| if you still want to change user passwords with this setup.
Ok, thanks.
After correcting #1, all is well. Thanks for noticing that!
-D
--
Who can say, "I have kept my heart pure;
I am clean and without sin"?
Proverbs 20:9
http://dman.ddts.net/~dman/
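Added example (not part of the original message, and not code from pam_ldap or nss_ldap): a small Python checker for points 2 to 4 of the review quoted above, run over constructed sample files. Reading a `binddn` line as "binding as someone" is an assumption about point 4, and the example.org names are placeholders.

```python
REUSE = {"try_first_pass", "use_first_pass"}  # pam_unix options that reuse the typed password
def _lines(text):
    # Config lines with comments and blank lines removed.
    stripped = (raw.split("#", 1)[0].strip() for raw in text.splitlines())
    return [s for s in stripped if s]

def check_nsswitch(text):
    """Point 2: 'files' should be listed before 'ldap'."""
    out = []
    for line in _lines(text):
        src = line.partition(":")[2].split()
        if "ldap" in src and "files" in src and src.index("ldap") < src.index("files"):
            out.append(f"nsswitch.conf {line.split(':')[0].strip()}: ldap listed before files")
    return out

def check_pam_auth(text):
    """Point 3: pam_unix placed after pam_ldap should reuse the password."""
    out, seen_ldap = [], False
    for line in _lines(text):
        f = line.split()
        so = [i for i, x in enumerate(f) if x.endswith(".so")]
        if f[0] != "auth" or not so:
            continue
        module, args = f[so[0]], set(f[so[0] + 1:])
        if module.endswith("pam_ldap.so"):
            seen_ldap = True
        elif module.endswith("pam_unix.so") and seen_ldap and not args & REUSE:
            out.append("pam.d/login: pam_unix.so lacks try_first_pass")
    return out

def check_pam_ldap_conf(text):
    """Point 4: no binddn (assumed reading), and pam_password exop."""
    opts = {}
    for line in _lines(text):
        key, *val = line.split(None, 1)
        opts[key.lower()] = val[0].strip() if val else ""
    out = ["pam_ldap.conf: binddn is set"] if "binddn" in opts else []
    if opts.get("pam_password") != "exop":
        out.append("pam_ldap.conf: pam_password is not exop")
    return out
def audit(nss, pam, ldapconf):
    return check_nsswitch(nss) + check_pam_auth(pam) + check_pam_ldap_conf(ldapconf)
# Constructed sample files: (nsswitch.conf, pam.d/login, pam_ldap.conf)
BAD = ("passwd: ldap files\n",
       "auth sufficient pam_ldap.so\nauth required pam_unix.so nullok\n",
       "base dc=example,dc=org\nbinddn cn=admin,dc=example,dc=org\n")
GOOD = ("passwd: files ldap\n",
        "auth sufficient pam_ldap.so\nauth required pam_unix.so nullok try_first_pass\n",
        "base dc=example,dc=org\npam_password exop\n")
```

`audit(*BAD)` reports one finding per point (two for point 4), and `audit(*GOOD)` reports none.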