
Re: ldap pam authentication



On Mon, Mar 10, 2003 at 12:54:51AM -0600, Ryan Goss wrote:
> Does anyone have a good how-to on pam authentication using ldap.  We 
> are trying to merge our network over to ldap, but are unable to use pam 
> with ldap.  We have the ldap server running properly, and are able to 
> connect to it and bind using ssl with Mozilla's LDAP browser.  It is 
> also running non-ssl just for testing purposes right now.  NSSwitch 
> works correctly.  We have configured the pam_ldap.conf and the proper 
> pam.d files  but any attempt to login only does an ldap search and 
> never attempts to bind as the user attempting to login and fails to 
> login.

I don't know any direct answers, but try these:
 - Fire up ethereal, capture the network traffic
    This usually gives you clues whether it's a problem in the search
    filter or something else.
 - Try and log in to the database as the user itself
    This is the same method the pam module tries.
 
This is how pam_ldap attempts to locate and authenticate the user:
(in case it helps)
 - bind to the database
    (binddn is used, usually anonymous bind is the best choice)
 - search for the user
    (combines pam_login_attribute with pam_filter and searches in base)
 - bind as the user
    (uses the dn received with the previous search and the password
    given to pam)

That is an oversimplified version of how things work. Also, usually you
only need to set the 'host' and 'base' for pam_ldap.

Regards, Sami Haahtinen

-- 
			  -< Sami Haahtinen >-
      -[ Notify immediately if you do not receive this message ]-
	-< 2209 3C53 D0FB 041C F7B1  F908 A9B6 F730 B83D 761C >-
