[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: pam_ldap problems after upgrade to debian sarge

I see nothing in your message indicative of a bug in
OpenLDAP Software.  Whether there is a bug in pam_ldap
or not beyond the scope of this list.  Suggest you
use <pamldap@padl.com> to discuss any potential bug


At 07:28 AM 8/16/2005, Gal Goldschmidt wrote:
>Hi All,
>I am nee to the list ,I don't know if this a real bug or a configuration 
>problem, but I spent 2 days on googling and decided to  ask for your help.
>I have a rater complex setup ( Distributed Directory Service), I did not find 
>any example for such a setup on the web, but it used to work.
>I now use:
>slapd          2.2.23-8 
>libpam-ldap    178-1
>On Debian sarge
>I have 3 servers a,b and c 
>I set up 2 separate trees on b (b.haifa) and on c (c.haifa)  to give 
>authenticate diffrent groups.
>The local pam_ldap + nss_ldap on those server works fine, no complaints. 
>On server a I want to give both groups services, I created a tree  (haifa) and 
>added ref objects to it for b and c in the format from:
> http://www.openldap.org/doc/admin23/referrals.html
>So apart from the basic admin and haifa ( root object) I have 2 more objects
> dn: dc=b,dc=haifa
>        objectClass: referral
>        objectClass: extensibleObject
>        dc: b
>        ref: ldap://b.haifa/dc=b,dc=haifa
>The same for c.
>nss_ldap work fine, I can see all the user ids on server a, when I do 
>ls /home.
>The problem:
>When I try to use pam_ldap, with the same lines I use for nss_ldap
>base dc=haifa
>it won't authenticate and log and error :
>pam_ldap: error trying to bind as user 
>"uid=test,ou=People,dc=b,dc=haifa" (Invalid credentials)
>If I give pam_ldap:
>host b.haifa
>base dc=b,dc=haifa
>It will authenticate.
>Any suggestions are welcome.