On Thu, May 10, 2007 at 10:34:41AM +0200, Martin Marcher wrote: > On 5/10/07, Alex Samad <alex@samad.com.au> wrote: > >I had a similar problem, the way i tracked it down was to turn on logging > >on > >slapd it worked out the permissions were not correct. If memory serves me > >correctly I used a binddn as well a a rootdn. > > I'm using apacheds (directory.apache.org - really great piece of software). > > The solution is in the options pam stack uses: > > /etc/pam.d/common-password: > password sufficient pam_ldap.so ignore_unknown_user > password required pam_unix.so try_first_pass nullok obscure min=4 max=8 > md5 mine looks like password sufficient pam_unix2.so nullok call_modules=ldap password required pam_ldap.so try_first_pass md5 > > > * ignore_unknown_user is needed so that a non ldap user (e.g. root) > will be handled by pam_unix > * try_first_pass will just take the first password so that you don't > have to type it twice in case it's a local user and not a ldap user. > > > -- > To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact > listmaster@lists.debian.org > >
Attachment:
signature.asc
Description: Digital signature