
pam_ldap problems after upgrade to debian sarge



Hi All,

I am new to the list. I don't know if this is a real bug or a configuration 
problem, but I spent 2 days googling and decided to ask for your help.

I have a rather complex setup (Distributed Directory Service). I did not find 
any example for such a setup on the web, but it used to work.
I now use:
slapd          2.2.23-8 
libpam-ldap    178-1
On Debian sarge

I have 3 servers: a, b and c.
I set up 2 separate trees on b (b.haifa) and on c (c.haifa) to 
authenticate different groups.
The local pam_ldap + nss_ldap on those servers work fine, no complaints.

On server a I want to give both groups services. I created a tree (haifa) and 
added ref objects to it for b and c in the format from:
 http://www.openldap.org/doc/admin23/referrals.html

So apart from the basic admin and haifa ( root object) I have 2 more objects
 dn: dc=b,dc=haifa
        objectClass: referral
        objectClass: extensibleObject
        dc: b
        ref: ldap://b.haifa/dc=b,dc=haifa

The same for c.

nss_ldap works fine, I can see all the user ids on server a when I do 
ls /home.

The problem:

When I try to use pam_ldap, with the same lines I use for nss_ldap
---
host 127.0.0.1
base dc=haifa
----
it won't authenticate and logs an error:
pam_ldap: error trying to bind as user 
"uid=test,ou=People,dc=b,dc=haifa" (Invalid credentials)

If I give pam_ldap:
----
host b.haifa
base dc=b,dc=haifa
-----
It will authenticate.

Any suggestions are welcome.

Thanks
Gal
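
An added example, not part of the original post: a small Python check that reads referral entries in the format shown above and reports which server's subtree a bind DN falls under, for comparing against the host pam_ldap is configured to bind to. The dc=c entry, the function names and the simplified DN parsing are assumptions made for this example.

```python
from urllib.parse import urlparse, unquote

# Constructed sample. The dc=b entry is copied from the post; the dc=c entry
# assumes "the same for c" means the same layout with c substituted.
REFERRAL_LDIF = """\
dn: dc=b,dc=haifa
objectClass: referral
objectClass: extensibleObject
dc: b
ref: ldap://b.haifa/dc=b,dc=haifa

dn: dc=c,dc=haifa
objectClass: referral
objectClass: extensibleObject
dc: c
ref: ldap://c.haifa/dc=c,dc=haifa
"""

def split_dn(dn):
    # Simplified DN handling (assumption: no escaped commas in RDN values).
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]

def parse_referrals(ldif):
    """Return (suffix_rdns, host, remote_base) for every referral entry."""
    refs = []
    for block in ldif.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), []).append(value.strip())
        if "referral" not in [v.lower() for v in attrs.get("objectclass", [])]:
            continue
        for uri in attrs.get("ref", []):
            url = urlparse(uri)
            refs.append((split_dn(attrs["dn"][0]), url.hostname, unquote(url.path.lstrip("/"))))
    return refs

def server_for_dn(dn, refs, local_host="127.0.0.1"):
    """Longest-suffix match: which server's subtree contains this DN?"""
    rdns, best = split_dn(dn), None
    for suffix, host, base in refs:
        if rdns[-len(suffix):] == suffix and (best is None or len(suffix) > len(best[0])):
            best = (suffix, host, base)
    return (best[1], best[2]) if best else (local_host, None)

if __name__ == "__main__":
    refs = parse_referrals(REFERRAL_LDIF)
    for dn in ("uid=test,ou=People,dc=b,dc=haifa", "cn=admin,dc=haifa"):
        print(dn, "->", server_for_dn(dn, refs))
```
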