
openldap, solaris 8, pam_ldap : Guess what?

Yup...  'fraid so.

sol 8, openldap 2.0.11, pam_ldap 113, nss_ldap 153...  and it's not quite
working.

FWIW, I have successfully got iPlanet's Directory Server, with SDK, working
with Sol 8 (and 7)...  so I was playing around with openldap similarly.

I've followed the excellent guide posted here by Simon Ritchie back in October
2000

(http://www.OpenLDAP.org/lists/openldap-software/200010/msg00097.html)

and have followed him verbatim as much as I can (given he was on a linux box
and I'm on a Solaris one).

my pam.conf looks like this

su   auth sufficient /usr/lib/security/$ISA/pam_ldap.so.1 
su   auth required   /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
...
su   account sufficient      /usr/lib/security/$ISA/pam_ldap.so.1 debug
su   account required        /usr/lib/security/$ISA/pam_unix.so.1 
...
su      session sufficient      /usr/lib/security/$ISA/pam_ldap.so.1 debug


It had insisted on having a base and host declaration in /etc/ldap.conf, which
now reads

BASE    o=host,c=sys
HOST    beast
directory /usr/local/var/openldap-ldbm
suffix "o=home, c=sys"
rootdn "cn=noris, o=home, c=sys"
rootpw n0risn
index cn, sn, uid, gidnumber pres, eq, approx
index objectclass pres,eq
dbcachesize 500000
index default none


I have used the templates to create the database (underlying it all is GDBM),
and added the user boris with an unencrypted passwd.

I can ldapsearch the database for boris successfully

# /usr/local/bin/ldapsearch -b "o=home,c=sys" uid=boris

version: 2

#
# filter: uid=boris
# requesting: ALL
#

# boris,People,home,sys
dn: uid=boris,ou=People,o=home,c=sys
uid: boris
cn: Boris Morris
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: bWFjY2E=
shadowLastChange: 11226
shadowMax: 99999
shadowWarning: 7
shadowFlag: 134538484
loginShell: /bin/bash
uidNumber: 1101
gidNumber: 100
homeDirectory: /home/boris
gecos: Boris Morris

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


nsswitch.conf has ldap configured for the passwd and group

passwd:    ldap  files
group:     ldap  files

...  so when/if I use

> su - boris

I get the response
su: unknown id: boris

No messages in /var/adm/messages even if I add debug to the pam.conf line

If instead of su I have telnet set up, when I attempt to use that

# telnet beast
Trying 10.11.215.60...
Connected to beast.
Escape character is '^]'.


SunOS 5.8

login: boris
Password: <password in here!>
System Password: 
Login incorrect
login: 

and /var/adm/messages includes 

Jun 12 14:03:39 beast login: [ID 857475 auth.error] pam_ldap:ldap_search_s No
such object

What am I missing/doing wrong?  Any ideas?

Ian

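One check worth running against the configuration quoted in the mail, as an added example that is not part of the original post: the client BASE from /etc/ldap.conf and the server suffix from slapd.conf are compared as normalised DNs, because a search base that does not lie under the server's suffix is answered with noSuchObject, which is the result pam_ldap logged. The two config fragments below are constructed from the lines shown in the mail; the helper names are this example's own.

```python
# Constructed sample fragments, taken from the configuration quoted in the mail
# (client /etc/ldap.conf first, then the slapd.conf suffix line).
LDAP_CONF = """BASE    o=host,c=sys
HOST    beast
"""
SLAPD_CONF = """suffix "o=home, c=sys"
"""

def normalize_dn(dn):
    """Normalise a DN for comparison: drop surrounding quotes, trim the
    whitespace slapd.conf allows after commas, lower-case types and values.
    Escaped commas inside values are not handled (none appear in the mail)."""
    rdns = []
    for rdn in dn.strip().strip('"').split(","):
        if "=" not in rdn:
            raise ValueError("malformed RDN: %r" % rdn)
        attr, value = rdn.split("=", 1)
        rdns.append("%s=%s" % (attr.strip().lower(), value.strip().lower()))
    return ",".join(rdns)

def is_under_suffix(base_dn, suffix_dn):
    """True if base_dn equals suffix_dn or sits below it in the tree."""
    base = normalize_dn(base_dn).split(",")
    suffix = normalize_dn(suffix_dn).split(",")
    return len(base) >= len(suffix) and base[-len(suffix):] == suffix

def parse_directives(text, wanted):
    """Collect 'KEY value' lines whose key (case-insensitive) is in wanted."""
    found = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#") and parts[0].lower() in wanted:
            found[parts[0].lower()] = parts[1]
    return found

def check_client_base(ldap_conf, slapd_conf):
    """Return (ok, message): does the client's BASE lie inside the server's suffix?"""
    client = parse_directives(ldap_conf, {"base"})
    server = parse_directives(slapd_conf, {"suffix"})
    if "base" not in client or "suffix" not in server:
        return False, "BASE (client) or suffix (server) directive missing"
    base, suffix = normalize_dn(client["base"]), normalize_dn(server["suffix"])
    if is_under_suffix(base, suffix):
        return True, "client BASE %s is within server suffix %s" % (base, suffix)
    return False, ("client BASE %s is outside server suffix %s: searches under it "
                   "return noSuchObject" % (base, suffix))
```

Run `check_client_base(LDAP_CONF, SLAPD_CONF)` to get the verdict for the fragments above; swap in your own file contents to check a live host.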