
Re: LDAP authentication against Active Directory in Sarge

Rene Tapia wrote:
Besides ldap.conf, you also need to configure pam:

Actually pam isn't required just to get user information, which is what I'm trying to do.

But anyway, I found the problem. It was pretty stupid actually... it should be "/etc/libnss-ldap.conf" and not "/etc/ldap.conf" (like in SUSE and Red Hat/CentOS).

But anyway, thanks for the info. I wasn't sure how to configure pam_ldap also (but haven't gotten there yet).

Carlos Rodrigues

apt-get install libpam-ldap -y
apt-get install libnss-ldap -y
apt-get install libpam-cracklib -y

Note: libpam-cracklib is not required for LDAP (it
just enforces strong passwords)

The following config files work, but you can change
them to suit your needs:

auth	sufficient	pam_ldap.so
auth	required	pam_unix.so use_first_pass

account	sufficient	pam_ldap.so
account	required	pam_unix.so

password   required   pam_cracklib.so retry=3 minlen=6
password   sufficient pam_ldap.so use_authtok
password   required   pam_unix.so use_authtok try_first_pass md5

Also, if you intend to change user passwords with
passwd via libpam-ldap, you will need to patch

Good luck!
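
The following is an added example, not part of either poster's message: a simplified Python model of how PAM walks the `auth` and `account` stacks quoted above, showing which modules are consulted for each outcome. The function names and the outcome dictionaries are assumptions made for illustration; only the `required`, `requisite` and `sufficient` control flags are modelled, and no real PAM module is called.

```python
# Added example: simplified model of PAM control-flag evaluation.
# Module results are supplied by the caller; nothing here talks to PAM or LDAP.

# The auth and account lines from the message above.
PAM_CONF = """\
auth     sufficient  pam_ldap.so
auth     required    pam_unix.so use_first_pass
account  sufficient  pam_ldap.so
account  required    pam_unix.so
"""

def parse_stack(text, mtype):
    """Return [(control, module)] for one module type, skipping comments."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == mtype:
            stack.append((fields[1], fields[2]))
    return stack

def evaluate(stack, outcomes):
    """outcomes maps module name -> True (success) or False (failure).
    Returns (granted, modules_called)."""
    called, required_failed, any_success = [], False, False
    for control, module in stack:
        ok = outcomes[module]
        called.append(module)
        if control == "sufficient":
            # Success ends the stack at once unless a required module
            # already failed; failure of a sufficient module is ignored.
            if ok and not required_failed:
                return True, called
        elif control == "requisite":
            if not ok:
                return False, called  # fail immediately
            any_success = True
        elif control == "required":
            # Failure is remembered, but later modules still run.
            if ok:
                any_success = True
            else:
                required_failed = True
        else:
            raise ValueError("control flag not modelled: " + control)
    return (any_success and not required_failed), called

if __name__ == "__main__":
    for mtype in ("auth", "account"):
        for ldap_ok in (True, False):
            res = {"pam_ldap.so": ldap_ok, "pam_unix.so": True}
            print(mtype, res, evaluate(parse_stack(PAM_CONF, mtype), res))
```

With `pam_ldap.so` listed first as `sufficient`, a directory success returns before `pam_unix.so` is called, so the local checks in that stack are never consulted for users the directory accepts.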
