
Re: Has no one gotten LDAP authentication working?



* Mullins, Ron <rmullins@DigiTerra.com> [010405 17:09]:
> Seriously, has no one setup the libpam-ldap in Debian?
> 
> Just some working config files to enlighten me as to the little thing I
> haven't gotten right would be splendid. You don't have to talk to me, you
> don't have to be my friend...I won't come to your house and drink your beer
> if you respond. Promise.
> dd

required packages:
openldap
libpam-ldap
libnss-ldap
libpam-cracklib
nscd

/etc/libnss-ldap.conf:
===================================================
host funguz
base o=Something, c=NL
===================================================

/etc/pam_ldap.conf:
===================================================
host funguz
base o=Something, c=NL

# LDAP protocol version to use (this config sets V2)
ldap_version 2

# Filter to AND with uid=%s
pam_filter objectclass=account

# The user ID attribute (defaults to uid)
pam_login_attribute uid

#Group to enforce membership of
#pam_groupdn cn=PAM,ou=Groups,dc=example,dc=net

# Group member attribute
#pam_member_attribute uniquemember

# Hash password locally; required for University of
# Michigan LDAP server, and works with Netscape
# Directory Server if you're using the UNIX-Crypt
# hash mechanism and not using the NT Synchronization
# service.
pam_crypt local
===================================================

/etc/pam.d/other:
===================================================
auth     sufficient  pam_unix.so
auth     required    pam_ldap.so use_first_pass

account  sufficient  pam_unix.so
account  required    pam_ldap.so

password sufficient  pam_unix.so
password required    pam_ldap.so try_first_pass

session  required    pam_unix.so
===================================================

You should modify all the files in /etc/pam.d/ to look like my
/etc/pam.d/other.
Another example:

/etc/pam.d/login:
===================================================
auth       requisite  pam_securetty.so
auth       required   pam_nologin.so
auth       required   pam_env.so
auth       sufficient pam_unix.so nullok
auth       required   pam_ldap.so use_first_pass

account sufficient      pam_unix.so
account required        pam_ldap.so
session required        pam_unix.so

session    optional   pam_lastlog.so
session    optional   pam_motd.so
session    optional   pam_mail.so standard noenv

password required       pam_cracklib.so retry=3 minlen=6 difok=3
password sufficient     pam_unix.so use_authtok nullok md5 shadow
password required       pam_ldap.so try_first_pass
===================================================

Well, one other word to say: improvise!

good luck!

CBL.
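
An added example, not part of the original message: a simplified Python model of how Linux-PAM's control flags resolve the auth stack from the /etc/pam.d/login file above, showing when pam_ldap.so is actually consulted. The function names and the per-module results passed in are assumptions for illustration; real PAM return codes are richer than plain success/failure.

```python
"""Simplified model of Linux-PAM control flags (requisite, required,
sufficient, optional) applied to the auth stack from the post."""

# Auth lines copied from the /etc/pam.d/login example in the post.
LOGIN_AUTH = """\
auth requisite  pam_securetty.so
auth required   pam_nologin.so
auth required   pam_env.so
auth sufficient pam_unix.so nullok
auth required   pam_ldap.so use_first_pass
"""

def parse_stack(text, mgmt="auth"):
    """Return [(control, module)] for one management group."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == mgmt:
            stack.append((fields[1], fields[2]))
    return stack

def evaluate(stack, results):
    """results maps module -> True (success) or False (failure).
    Returns (granted, modules_called_in_order)."""
    failed_required = False
    any_success = False
    called = []
    for control, module in stack:
        ok = results[module]
        called.append(module)
        if control == "requisite" and not ok:
            return False, called        # fail at once, stop the stack
        if control == "required" and not ok:
            failed_required = True      # remembered, stack continues
        if control == "sufficient" and ok and not failed_required:
            return True, called         # short-circuit: later modules skipped
        if ok and control != "optional":
            any_success = True          # a failed 'sufficient' is just ignored
    return (any_success and not failed_required), called

if __name__ == "__main__":
    stack = parse_stack(LOGIN_AUTH)
    # Constructed scenario: account exists only in LDAP, so pam_unix fails.
    results = {m: True for _, m in stack}
    results["pam_unix.so"] = False
    print(evaluate(stack, results))
```

With this ordering a local account that passes pam_unix.so never reaches the directory, and an earlier `required` failure such as pam_nologin.so still denies the login even when the password is correct.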


