
Re: PAM LDAP queries attempt to bind with empty binddn



On Wed, Feb 10, 2010 at 03:27:25PM -0500, John A. Sullivan III wrote:
> Thanks for the quick response.  I'll answer in the text below - John
> 
> On Thu, 2010-02-11 at 06:42 +1100, Alex Samad wrote:
> > On Wed, Feb 10, 2010 at 11:07:05AM -0500, John A. Sullivan III wrote:
> > > Hello, all.  We have just started to explore Debian Lenny as a platform
> > > and have been delightfully impressed however we're hitting a problem
> > > using LDAP authentication that we have not experienced in RedHat or
> > > Ubuntu.  We do not allow anonymous LDAP queries but rather
> > > configure /etc/pam_ldap.conf with a binddn and bindpw.
> > > 
> > > Our LDAP queries are failing and, when we look at the access logs on our
> > > CentOS Directory Server 8.1, we see the binddn is empty:
> > > 
> > Hi
> > 
> > on my debian system I have a couple of packages installed to handle ldap
> > userid db.
> > 
> > pam handles one side of it but you need the nss stuff as well.  There
> > are 2 sets of packages, the one I use  (I like it better - works how I
> > like it to work and seems to be getting active maintenance).
> > 
> > nslcd and with this you will need libnss-ldapd & libpam-ldapd they both
> > need config files in /etc
> libnss-ldap and libpam-ldap are installed.  I do not see a package
> named nslcd unless it's a typo for nscd which is installed as well.

No, nslcd is not a typo. Like I said, there are 2 streams/groups of
packages for pam integration; you have the !older! ones. Have a look at
nslcd and its partner packages; I have found them to be more stable.


> > 
> > 
> > [snip]
> > 
> > > 
> > > pam_ldap.conf looks like this:
> > > 
> > 
> > [snip]
> > 
> > you need to look at the nss config file as well
> Do you mean nsswitch.conf? If so, we did address that - files ldap for
> passwd, group, and shadow.

Nope, this file: /etc/nss-ldapd.conf, used for the nss side of things, which
is what getent uses and tools like nsswitch, glibc & whoami.

> > 
> > > We could very likely have a missing package.  This is a vserver and they
> > > install a very skeleton base system.  For example, the system initially
> > > did not query at all until we realized we needed to install passwd.
> > > This is an X2Go print server (hopefully many desktops to come
> > > immediately after!) so we have installed:
> > 
> > [snip]
> > 
> > 
> > maybe you are missing stuff, like the nss ldap package.  getent passwd
> > should show you all your users work from there and then getent group
> getent passwd only shows local users
as per above

> > 
> > 
> > > did we do wrong? Any help would be greatly appreciated as I've lost days
> > > tracking this down with no answer.  Thanks - John
> Still eagerly looking for hints and suggestions.  Thanks - John

Have a look at the nslcd package and the author's web page - why he
created this package (a fork of the original stuff).

> 
> 
> 

-- 
"I recently met with the finance minister of the Palestinian Authority, was very impressed by his grasp of finances."

	- George W. Bush
05/29/2003
Washington, DC
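
An added example, not part of the original message: a shell check that reports whether an LDAP client config file (such as the /etc/pam_ldap.conf and /etc/nss-ldapd.conf files named in this thread) sets a binddn at all, and whether a bindpw sits in a world-readable file. The function names, result labels and sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: which bind identity would an LDAP client config use?
# Function names and result labels are hypothetical, not from any package.

# Print the value of directive KEY in FILE (first match, comments skipped,
# keyword compared case-insensitively). Prints nothing if unset or empty.
ldap_conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == key {
            if (NF >= 2) {
                sub(/^[ \t]*[^ \t]+[ \t]+/, "")   # drop the keyword
                sub(/[ \t]+$/, "")                # drop trailing blanks
                print
            }
            exit
        }' "$1"
}

# Classify FILE as: unreadable | anonymous | bind-world-readable | bind-ok
check_bind_config() {
    [ -r "$1" ] || { echo unreadable; return 0; }
    dn=$(ldap_conf_value "$1" binddn)
    pw=$(ldap_conf_value "$1" bindpw)
    if [ -z "$dn" ]; then
        echo anonymous            # no binddn set: client would bind anonymously
    elif [ -n "$pw" ] && [ -n "$(find "$1" -prune -perm -004)" ]; then
        echo bind-world-readable  # bindpw readable by every local user
    else
        echo bind-ok
    fi
}

# With arguments: check the named files. Without: run on constructed samples.
if [ "$#" -gt 0 ]; then
    for f in "$@"; do printf '%s: %s\n' "$f" "$(check_bind_config "$f")"; done
else
    tmp=$(mktemp -d)
    # Constructed sample: PAM-side file with credentials, mode 0644
    printf 'base dc=example,dc=test\nbinddn cn=proxy,dc=example,dc=test\nbindpw constructed-secret\n' > "$tmp/pam_ldap.conf"
    chmod 644 "$tmp/pam_ldap.conf"
    # Constructed sample: NSS-side file where binddn was never set
    printf 'base dc=example,dc=test\n#binddn cn=proxy,dc=example,dc=test\n' > "$tmp/nss-ldapd.conf"
    for f in "$tmp/pam_ldap.conf" "$tmp/nss-ldapd.conf"; do
        printf '%s: %s\n' "${f##*/}" "$(check_bind_config "$f")"
    done
    rm -rf "$tmp"
fi
```

Run it with the config paths as arguments to check real files; with no arguments it only exercises the two constructed samples.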
