
LDAP authentication against Active Directory in Sarge


I have a Sarge install which I'm using to test some things. One of those
things is LDAP authentication against Active Directory.

This works just fine on a bunch of SUSE 9.2 boxes but I can't make it
work on the Debian Sarge box.

If I just alter nsswitch.conf to change "passwd" and "group" to "files
ldap", nothing seems to happen ("finger user" returns nothing, for

This is my /etc/ldap.conf, which is basically the same as the one I use on
the SUSE boxes (the only difference is the domain, because I'm using a
different domain to test it out) and exactly the same as the one I'm using
on another test box running CentOS 4:

# ldap.conf - Active Directory authentication

ldap_version	3

host	ldapserver # in /etc/hosts
ssl	no

# Active Directory doesn't allow anonymous access:
binddn	cn=ldap,cn=Users,dc=sandbox,dc=intranet,dc=pt
bindpw	xxxxxx

base 	cn=Users,dc=sandbox,dc=intranet,dc=pt
scope	sub

nss_base_passwd	cn=Users,dc=sandbox,dc=intranet,dc=pt?sub
nss_base_shadow	cn=Users,dc=sandbox,dc=intranet,dc=pt?sub
nss_base_group	cn=Users,dc=sandbox,dc=intranet,dc=pt?sub

pam_password	ad

pam_login_attribute	sAMAccountName
pam_member_attribute	msSFU30PosixMember

# only members of this group can access this server:
pam_groupdn	cn=Domain Users,dc=sandbox,dc=intranet,dc=pt

pam_filter	(objectclass=user)

nss_map_objectclass	posixAccount user
nss_map_objectclass	shadowAccount user
nss_map_objectclass	posixGroup Group

nss_map_attribute	uid sAMAccountName
nss_map_attribute	uidNumber msSFU30UidNumber
nss_map_attribute	gidNumber msSFU30GidNumber
nss_map_attribute	loginShell msSFU30LoginShell
nss_map_attribute	gecos msSFU30Gecos
nss_map_attribute	userPassword msSFU30Password
nss_map_attribute	homeDirectory msSFU30HomeDirectory
nss_map_attribute	uniqueMember msSFU30PosixMember

# EOF - ldap.conf
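
The posted file combines `ssl no` with a `binddn`/`bindpw` pair, so simple binds travel unencrypted. The following is an added example, not part of the original message: a small linter for a pam_ldap/nss_ldap style ldap.conf. The finding names, the `HARDENED` variant, the 0644 file mode and the set of `ssl` values treated as enabling TLS are assumptions.

```python
import stat

# Constructed input: the transport and bind lines from the posted ldap.conf.
POSTED = """\
host ldapserver
ssl no
binddn cn=ldap,cn=Users,dc=sandbox,dc=intranet,dc=pt
bindpw xxxxxx
"""
# Constructed variant with TLS and certificate checking enabled.
HARDENED = POSTED.replace("ssl no", "ssl start_tls\ntls_checkpeer yes")

# Assumption: ssl values that nss_ldap/pam_ldap treat as enabling TLS.
TLS_VALUES = {"on", "yes", "true", "start_tls"}

def parse(text):
    """Map each lower-cased keyword to its last value; skip blanks and # lines."""
    conf = {}
    for line in text.splitlines():
        fields = line.strip().split(None, 1)
        if not fields or fields[0].startswith("#"):
            continue
        conf[fields[0].lower()] = fields[1].strip() if len(fields) > 1 else ""
    return conf

def lint(text, file_mode=None):
    """Return finding IDs for credential exposure in an ldap.conf."""
    conf = parse(text)
    uris = conf.get("uri", "").lower().split()
    tls = conf.get("ssl", "no").lower() in TLS_VALUES or (
        bool(uris) and all(u.startswith("ldaps://") for u in uris))
    findings = []
    if not tls:
        # bindpw and every user's login password cross the wire unencrypted.
        findings.append("cleartext-transport")
    elif conf.get("tls_checkpeer", "").lower() == "no":
        # TLS without certificate verification does not authenticate the server.
        findings.append("tls-peer-unchecked")
    if "bindpw" in conf and file_mode is not None and file_mode & stat.S_IROTH:
        # Every local account can read the bind credential.
        findings.append("bindpw-world-readable")
    return findings

if __name__ == "__main__":
    # 0o644 is an assumed file mode; the post does not state the permissions.
    print("posted:", lint(POSTED, 0o644))
    print("hardened:", lint(HARDENED))
```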
