
Re: pam_ldap error



On Mon, Dec 01, 2003 at 04:16:29PM -0500, Asif Iqbal wrote:
> I found the problem. I started as slapd -h ldap:///
> ldaps:/// but port 636 was not open. I changed it and running as slapd -h
> ldaps:/// and now it does not complain about connection problem but now it says
> 
> error: PAM: No account present for user
> 
> I do have an account for the user. To check I searched for the user and found
> the user's password does not show {CRYPT}
> 
> the ldif for userPassword was {CRYPT}IIGHcSnVKzrZA but when I search the user it
> shows userPassword:: e0NSWVBUfUlJR0hjU25WS3pyWkE=
That's normal; it is a base64-encoded form of the password.
> 
> 
> Any suggestion/explanation would be greatly appreciated
Try debugging as described in my previous mail (below in this mail too).
You can raise the debug level with '-d' switch to slapd too.

You won't find the error without this, at least I think.
> 
> On Mon, 1 Dec 2003, Csillag Tamás wrote:
> 
> > Hi,
> >
> > On Mon, Dec 01, 2003 at 02:24:16PM -0500, Asif Iqbal wrote:
> > > On Mon, 1 Dec 2003, Jeff Gamsby wrote:
> > >
> > > >  Does ldapsearch -x work? If on Linux, how about getent passwd?
> > >
> > > ldapsearch -x works just fine. getent passwd works fine too
> > pam_ldap is independent from getent passwd (it uses libnss_ldap)
> > and its config file is: /etc/nsswitch.conf and /etc/{.,ldap}/ldap.conf
> > (the second is Debian specific I think)
> > (But it is good to test whether your database is available)
> >
> > pam_ldap's config file is: /etc/pam_ldap.conf
> >
> > If the problem is not the pam_ldap.conf file, you can try to debug it
> > in the following way:
> > tcpdump
> > or
> > (backup first!!) cp /etc/pam.d/ssh /etc/pam.d/su
> > strace su someuser (do this as root but remove the rootok pam module from
> > the list, so it will ask for a password)
> >
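
The `userPassword::` line discussed in this message can be checked by decoding it. The following is an added example, not part of the original thread: a small parser for ldapsearch-style LDIF that unfolds continuation lines, decodes `::` (base64) values and splits off the `{SCHEME}` prefix. The `dn`, `uid` and `description` lines and the function names are constructed for illustration; only the `userPassword` value comes from the thread.

```python
import base64

# Constructed sample entry. Only the userPassword value is from the thread;
# it is folded across two lines here to exercise LDIF line continuation.
SAMPLE_LDIF = """\
dn: uid=someuser,ou=People,dc=example,dc=com
uid: someuser
userPassword:: e0NSWVBUfUlJR0hj
 U25WS3pyWkE=
description: plain value: with a colon
"""

def unfold(text):
    """Join LDIF continuation lines (a line starting with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw:
            lines.append(raw)
    # Drop comments only after unfolding, since comments can be folded too.
    return [ln for ln in lines if not ln.startswith("#")]

def parse_attrs(text):
    """Return {attribute: [bytes, ...]}, decoding '::' (base64) values."""
    attrs = {}
    for line in unfold(text):
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):      # 'attr:: <base64>'
            value = base64.b64decode(rest[1:].strip(), validate=True)
        elif rest.startswith("<"):    # 'attr:< <url>' is not fetched here
            continue
        else:                         # 'attr: <plain text>'
            value = rest.lstrip(" ").encode("utf-8")
        attrs.setdefault(name.lower(), []).append(value)
    return attrs

def password_scheme(value):
    """Split b'{SCHEME}hash' into (scheme, hash); scheme is None if absent."""
    if value.startswith(b"{") and b"}" in value:
        scheme, _, rest = value[1:].partition(b"}")
        return scheme.decode("ascii").upper(), rest.decode("ascii")
    return None, value.decode("utf-8", "replace")

if __name__ == "__main__":
    stored = parse_attrs(SAMPLE_LDIF)["userpassword"][0]
    print(stored.decode(), password_scheme(stored))
```

The decoded value is byte-for-byte the string from the original ldif, so the `::` form in search output does not indicate that the `{CRYPT}` prefix was lost.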