Re: pam_ldap

On Thu, 17 Aug 2000, Hugo Monteiro wrote:

>     I'm sorry to bother you guys about this one again ... help me out on
> this one please... =)
> Let's say I have an entry in my ldap database like (using ldif format):
> --
> dn: uid=10051, o=organisation, c=country
> objectclass: person
> ou: people
> cn: John Doe
> sn: Doe
> givenname: John
> userpassword: secret
> manager: uid=500, o=organisation, c=country
> mail: doe@xyz.org
> alias: john_doe
> --

1) uid is supposed to be a string, not a number.  The number would
   be uidNumber.

2) The entry should contain the attribute type and value used to
   form the Relative Distinguished Name.  In English, you should
   add 'uid: 10051' to the entry.  Besides, if that is the
   attribute used by pam_ldap, then it *has* to be in the entry,
   the Distinguished Name alone is not enough.

3) The 'alias' attribute type is suspect, it is not defined. In general,
   your schema use is deficient, 'person' does not allow most of the
   attribute types you are using.  And pam_ldap and nss_ldap will
   usually look for entries of account or posixAccount objectclass.

> having nss_ldap and pam_ldap installed in the system and configuring it
> in /etc/nsswitch.conf and /etc/pam.d/login I still find there is
> something missing ... like ... how do I tell the system what ldap server
> he should look for in order to make the queries and as well how do I
> give him the credentials so pam is authorized to make those queries ...

Usually, in a file named /etc/ldap.conf.
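An added example, not from this thread: a small Python checker for the three points raised in the reply (RDN attribute present in the entry, account/posixAccount objectclass, a numeric uid that should be uidNumber), run over a constructed entry like the poster's and a corrected version of it. The `gidNumber`/`homeDirectory` values in the corrected entry are assumed sample values.

```python
# Added example (not the thread's own code): checks one LDIF entry against the
# three points in the reply above. Sample entries below are constructed.

def parse_ldif_entry(text):
    """Parse a single LDIF entry into (dn, {attr: [values]}); joins folded lines."""
    lines = []
    for raw in text.strip().splitlines():
        if raw.startswith(" ") and lines:        # LDIF continuation line
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    dn, attrs = None, {}
    for line in lines:
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return dn, attrs

def check_entry(text):
    """Return a list of problem strings; an empty list means all checks passed."""
    dn, attrs = parse_ldif_entry(text)
    problems = []
    # 1) The attribute/value forming the RDN must also be present in the entry.
    rdn_attr, _, rdn_val = dn.split(",", 1)[0].partition("=")
    rdn_attr, rdn_val = rdn_attr.strip().lower(), rdn_val.strip()
    if rdn_val not in attrs.get(rdn_attr, []):
        problems.append("RDN attribute missing from entry: add '%s: %s'" % (rdn_attr, rdn_val))
    # 2) pam_ldap / nss_ldap look for account or posixAccount entries.
    classes = {c.lower() for c in attrs.get("objectclass", [])}
    if not classes & {"account", "posixaccount"}:
        problems.append("objectclass should include account or posixAccount")
    # 3) uid is a login-name string; a purely numeric uid suggests uidNumber was meant.
    for v in attrs.get("uid", []) + ([rdn_val] if rdn_attr == "uid" else []):
        if v.isdigit():
            problems.append("uid '%s' is numeric; use uidNumber for the numeric id" % v)
            break
    return problems

# Constructed samples: an entry shaped like the poster's, then a corrected one.
ORIGINAL = """
dn: uid=10051, o=organisation, c=country
objectclass: person
cn: John Doe
sn: Doe
userpassword: secret
"""
CORRECTED = """
dn: uid=jdoe, o=organisation, c=country
objectclass: person
objectclass: posixAccount
uid: jdoe
uidNumber: 10051
gidNumber: 100
homeDirectory: /home/jdoe
cn: John Doe
sn: Doe
userpassword: secret
"""
```

`check_entry(ORIGINAL)` reports all three problems; `check_entry(CORRECTED)` returns an empty list.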