[Date Prev][Date Next] [Chronological] [Thread] [Top]

Debugging LDAP

 I'm trying to setup a Linux box to authenticate from our LDAP server. I've
populated the LDAP server with migration tools, ldapsearch works fine, and
the parameters I give it match the /etc/ldap.conf file that pam_ldap uses,
and the authentication seems to be working fine, as in, the /etc/pam.d/su
config line has 

auth       sufficient   /lib/security/pam_ldap.so
auth       required /lib/security/pam_pwdb.so shadow nullok use_first_pass

 So it seems that if I give it the password that's listed in the LDAP
database, it authenticates me. If I give it the password as listed in
/etc/shadow, it also authenticates me, but logs a message:

Nov 26 12:14:41 oracle1 su: pam_ldap: ldap_simple_bind_s Invalid credentials

 I suppose that's OK. Later when we are 100% LDAP for authentication, we
can get rid of the sufficent line. The OpenLDAP suite rocks, as does the
help people have given me getting it going..

 However, su is coredumping when it quits, even though it seems to be
working fine. Has anyone ever seen that before ?

 The second reason for the mail is that I was reading the ldap.h file that
comes with openldap, and it explained the bitmasks that the debug_level is
worked out from. Does anyone have a recommendation what number to pass to
"-d" when I'm running slapd ? It's mainly authentication and malformed data
that's going to cause problems, so seeing data packets is more confusing
than anything else...


Microsoft. The best reason in the world to drink beer.