LDAP authentication against Active Directory in Sarge
Hi!

I have a Sarge install which I'm using to test some things. One of those
things is LDAP authentication against Active Directory.

This works just fine on a bunch of SUSE 9.2 boxes but I can't make it
work on the Debian Sarge box.

If I just alter nsswitch.conf to change "passwd" and "group" to "files
ldap", nothing seems to happen ("finger user" returns nothing, for
instance).

This is my /etc/ldap.conf, which is basically the same one I use on the SUSE
boxes (the only difference is the domain, because I'm using a different
domain to test it out) and exactly the same as the one I'm using on another test
box running CentOS 4:

#
# ldap.conf - Active Directory authentication
#
ldap_version 3
host ldapserver # in /etc/hosts
ssl no
# Active Directory doesn't allow anonymous access:
binddn cn=ldap,cn=Users,dc=sandbox,dc=intranet,dc=pt
bindpw xxxxxx
base cn=Users,dc=sandbox,dc=intranet,dc=pt
scope sub
nss_base_passwd cn=Users,dc=sandbox,dc=intranet,dc=pt?sub
nss_base_shadow cn=Users,dc=sandbox,dc=intranet,dc=pt?sub
nss_base_group cn=Users,dc=sandbox,dc=intranet,dc=pt?sub
pam_password ad
pam_login_attribute sAMAccountName
pam_member_attribute msSFU30PosixMember
# only members of this group can access this server:
pam_groupdn cn=Domain Users,dc=sandbox,dc=intranet,dc=pt
pam_filter (objectclass=user)
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_objectclass posixGroup Group
nss_map_attribute uid sAMAccountName
nss_map_attribute uidNumber msSFU30UidNumber
nss_map_attribute gidNumber msSFU30GidNumber
nss_map_attribute loginShell msSFU30LoginShell
nss_map_attribute gecos msSFU30Gecos
nss_map_attribute userPassword msSFU30Password
nss_map_attribute homeDirectory msSFU30HomeDirectory
nss_map_attribute uniqueMember msSFU30PosixMember
# EOF - ldap.conf