Re: pam ldap help

[Ryan Hoegg <rhoegg@isisnetworks.net>]

Hey,

First, this is probably not the appropriate list for this question as 
pam-ldap is not supported by the OpenLDAP community.  The best resources 
I found for it were in the Debian community.

That said, I got PAM-LDAP working on my Slackware 8.1 machines a few 
months back.  Things you need to know:

1. Slackware does not support PAM out of the box.  So you need to 
install PAM libraries and new versions of every utility that uses 
authentication (passwd, rlogin, login, ssh, proftpd, useradd, etc).  Get 
this working without LDAP first (using pam_unix.so for everything.)

2. Once that's running, you need to have a good way of getting users in 
and out of your new directory.  Plan ahead.  Understand the 
objectClasses you want to use ahead of time.

3. Plan ahead for user and group migration.  You want to make sure you 
are never left with no way to log in while you are setting this up.  PAM 
can lock you out of your system completely and force you to boot to 
single-user mode.

Hope this helps.

Ryan Hoegg
ISIS Networks

P.S. **SHAMELESS PLUG** I do this type of consulting full time.  E-mail 
me personally if you want some more direct help.

Peron, Stéphane wrote:

> Hi all,
>
> I am newbie in pam ldap ...
> For 3 weeks, I encounter many difficulties in installing pam-ldap under
> Linux slackware with last versions for my company...
>
> I have recompiled the shadow package to bind login to libpam.
> Pam-ldap has worked for a moment only with su and now doesn't work
> anymore.(for ldap_initialize : problem of Time request or something like
> this)  
> It never worked for login and rlogin...
>
> All the documentations that I found on the net are incomplete....
> and most of scripts don't work ....  
> I am about to become crazy ! ;-)
>
> Would it be possible that someone who has installed a recent version of pam
> and ldap send me all its scripts and configuration files ?
> I mean :
> /etc/libnss_ldap.conf
> /etc/ldap.conf
> /etc/pam_ldap.conf
> /etc/pam.d/login
> /etc/pam.d/password
> /etc/pam.d/su
> /etc/pam.d/rlogin
>
> /usr/local/etc/openldap/slapd.conf
> And the scripts to create the objects and users .....
>
> Or may be there is a web site where all these scripts are done and work with
> last versions ?
>
> I want to use this scripts without changing them, just to be sure that
> pam-ldap can work for "login" and "ssh" on a box.
>
> Many thanks for your help !!
>
>
> ------------------------------------------------------------------------
>
>
>
> Ce message contient des informations confidentielles ou appartenant au 
> Crédit Lyonnais et est établi à l'intention exclusive de ses 
> destinataires. Toute divulgation, utilisation, diffusion ou reproduction 
> (totale ou partielle) de ce message, ou des informations qu'il contient, 
> doit être préalablement autorisée. Tout message électronique est 
> susceptible d'altération et son intégrité ne peut être assurée. 
> Le Crédit Lyonnais décline toute responsabilité au titre de ce 
> message s'il a été modifié ou falsifié. Si vous n'êtes pas 
> destinataire de ce message, merci de le détruire immédiatement et 
> d'avertir l'expéditeur de l'erreur de distribution et de la destruction
> du message.
>
> This e-mail contains confidential information or information belonging 
> to Crédit Lyonnais and is intended solely for the addressees. 
> The unauthorised disclosure, use, dissemination or copying (either whole 
> or partial) of this e-mail, or any information it contains, is prohibited.
> E-mails are susceptible to alteration and their integrity cannot be guaranteed. 
> Crédit Lyonnais shall not be liable for this e-mail if modified or falsified.
> If you are not the intended recipient of this e-mail, please delete it 
> immediately from your system and notify the sender of the wrong delivery 
> and the mail deletion.