
Re: passwd and ldap



On Wed, May 09, 2007 at 02:58:06PM +0200, Martin Marcher wrote:
> Hello,
> 
> I set up my system to authenticate against ldap,
> 
> id ; getent passwd; getent group # all show the correct information
> 
> However when I su to a user and do passwd the following happens:
> 
> $ passwd
> passwd: User not known to the underlying authentication module
> passwd: password unchanged
> 
> Where do I tell passwd that my accounts are in ldap? (Or what even
> bugs me more is that the "pam_password_prohibit_message" isn't honored
> in the config file, seems I'm missing something)

I had a similar problem. The way I tracked it down was to turn on logging on 
slapd; it worked out the permissions were not correct. If memory serves me 
correctly I used a binddn as well as a rootdn.

The former is for non-root access and the latter, well, for root access.

Alex

> 
> thanks
> martin
> 
> nsswitch.conf:
> passwd:         files ldap
> group:          files ldap
> shadow:         files ldap
> hosts:          files dns
> networks:       files
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
> netgroup:       nis
> 
> pam_ldap.conf:
> base dc=example,dc=com
> uri ldap://ldap.example.com:10389
> ldap_version 3
> rootbinddn cn=manager,dc=example,dc=com
> pam_password clear
> pam_password_prohibit_message Please visit http://internal to change your password.
> 
> 
> libnss-ldap.conf:
> uri ldap://ldap.example.com:10389
> base dc=openforce,dc=com
> ldap_version 3
> rootbinddn uid=manager,dc=example,dc=com
> pam_lookup_policy yes
> pam_password clear
> pam_password_prohibit_message Please visit http://internal to change your password.
> 
> 
> -- 
> Martin Marcher
> martin.marcher@gmail.com
> http://www.mycorners.com
> https://www.xing.com/profile/Martin_Marcher
> http://www.linkedin.com/in/martinmarcher
> http://www.studivz.net/profile.php?ids=9f83ea8c5996b8ec
> http://www.amazon.de/gp/registry/wishlist/3KDAGCL2NKOIM/ref=reg_hu-wl_goto-registry/302-4432803-5146435?ie=UTF8&sort=date-added
> 
> 
> 
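
An added example, not part of the original messages: a small Python check that compares the two quoted client configs, reports keys where pam_ldap and libnss-ldap disagree, and flags any config that would carry binds and `pam_password clear` changes over an unencrypted `ldap://` connection. The function names and the simplified DN normalization are this example's own assumptions; the sample text is reconstructed from the quoted files.

```python
# Constructed sample input: the two client configs as quoted in the thread.
PAM_LDAP_CONF = """\
base dc=example,dc=com
uri ldap://ldap.example.com:10389
ldap_version 3
rootbinddn cn=manager,dc=example,dc=com
pam_password clear
"""
LIBNSS_LDAP_CONF = """\
uri ldap://ldap.example.com:10389
base dc=openforce,dc=com
ldap_version 3
rootbinddn uid=manager,dc=example,dc=com
pam_password clear
"""

def parse(text):
    """Parse 'key value' lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def normalize(value):
    """Simplified comparison form: lower-case, no spaces around commas.
    Assumption: does not handle escaped commas inside a DN."""
    return ",".join(p.strip().lower() for p in value.split(","))

def lint(pam, nss):
    """Return (kind, subject, detail_a, detail_b) findings for the two configs."""
    findings = []
    for key in ("uri", "base", "rootbinddn"):
        a, b = pam.get(key), nss.get(key)
        if a and b and normalize(a) != normalize(b):
            findings.append(("mismatch", key, a, b))
    for name, conf in (("pam_ldap", pam), ("libnss-ldap", nss)):
        uri = conf.get("uri", "")
        encrypted = uri.startswith("ldaps://") or conf.get("ssl") in ("start_tls", "on")
        if not encrypted:
            findings.append(("cleartext", name, uri, conf.get("pam_password")))
    return findings

if __name__ == "__main__":
    for finding in lint(parse(PAM_LDAP_CONF), parse(LIBNSS_LDAP_CONF)):
        print(finding)
```

A mismatch finding only says the two libraries are configured differently; whether that explains the `passwd` error still has to be confirmed from the slapd log.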
