
openldap, solaris 8, pam_ldap : Guess what?

Yup...  'fraid so.

Sol 8, openldap 2.0.11, pam_ldap 113, nss_ldap 153...  and it's not quite

FWIW, I have successfully got iPlanet's Directory Server, with SDK, working
with Sol 8 (and 7)...  so I was playing around with openldap similarly.

I've followed the excellent guide posted here by Simon Ritchie back in October


and have followed him verbatim as much as I can (given he was on a linux box
and I'm on a Solaris one).

My pam.conf looks like this:

su   auth sufficient /usr/lib/security/$ISA/pam_ldap.so.1 
su   auth required   /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
su   account sufficient      /usr/lib/security/$ISA/pam_ldap.so.1 debug
su   account required        /usr/lib/security/$ISA/pam_unix.so.1 
su      session sufficient      /usr/lib/security/$ISA/pam_ldap.so.1 debug

It had insisted on having a base and host declaration in /etc/ldap.conf, which
now reads

BASE    o=host,c=sys
HOST    beast
directory /usr/local/var/openldap-ldbm
suffix "o=home, c=sys"
rootdn "cn=noris, o=home, c=sys"
rootpw n0risn
index cn, sn, uid, gidnumber pres, eq, approx
index objectclass pres,eq
dbcachesize 500000
index default none

I have used the templates to create the database (underlying it all is GDBM),
and added the user boris with an unencrypted passwd.

I can ldapsearch the database for boris successfully

# /usr/local/bin/ldapsearch -b "o=home,c=sys" uid=boris

version: 2

# filter: uid=boris
# requesting: ALL

# boris,People,home,sys
dn: uid=boris,ou=People,o=home,c=sys
uid: boris
cn: Boris Morris
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: bWFjY2E=
shadowLastChange: 11226
shadowMax: 99999
shadowWarning: 7
shadowFlag: 134538484
loginShell: /bin/bash
uidNumber: 1101
gidNumber: 100
homeDirectory: /home/boris
gecos: Boris Morris

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

nsswitch.conf has ldap configured for the passwd and group

passwd:    ldap  files
group:     ldap  files

...  so when/if I use

> su - boris

I get the response
su: unknown id: boris

No messages in /var/adm/messages even if I add debug to the pam.conf line

If instead of su I have telnet set up, when I attempt to use that

# telnet beast
Connected to beast.
Escape character is '^]'.

SunOS 5.8

login: boris
Password: <password in here!>
System Password: 
Login incorrect

and /var/adm/messages includes 

Jun 12 14:03:39 beast login: [ID 857475 auth.error] pam_ldap:ldap_search_s No
such object

What am I missing/doing wrong?  Any ideas?


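As an added check that is not part of the original post: a small script that compares the client's BASE in /etc/ldap.conf with the suffix directives in slapd.conf, since a search base that no served suffix contains makes every ldap_search_s fail with noSuchObject (LDAP result 32, which the client logs as "No such object"). The two file contents are constructed from the values quoted in the message above; the rootpw line is deliberately left out.

```python
"""Check that the client search BASE in /etc/ldap.conf lies under a suffix
the slapd in slapd.conf serves. Added illustration for this thread, not code
from the post; file contents are constructed from values quoted in it."""
import re

LDAP_CONF = """\
BASE    o=host,c=sys
HOST    beast
"""
SLAPD_CONF = """\
directory /usr/local/var/openldap-ldbm
suffix "o=home, c=sys"
index objectclass pres,eq
"""

def normalize_dn(dn):
    """Canonical DN: drop quotes, trim blanks around ',' and '=', lowercase."""
    rdns = [r.strip() for r in dn.strip().strip('"').split(',')]
    return ','.join('='.join(x.strip() for x in r.split('=', 1))
                    for r in rdns).lower()

def is_under(dn, suffix):
    """True if dn is suffix or a descendant, compared RDN by RDN (a plain
    substring test would wrongly accept o=home2,c=sys under o=home,c=sys)."""
    d, s = normalize_dn(dn).split(','), normalize_dn(suffix).split(',')
    return len(d) >= len(s) and d[len(d) - len(s):] == s

def read_directive(text, name):
    """All values of a case-insensitive 'name value' directive, '#' comments
    stripped; ldap.conf and slapd.conf share this line shape."""
    values = []
    for line in text.splitlines():
        m = re.match(r'\s*(\S+)\s+(.*?)\s*$', line.split('#', 1)[0])
        if m and m.group(1).lower() == name:
            values.append(m.group(2))
    return values

def check_base(ldap_conf, slapd_conf):
    """Return (ok, message). A BASE outside every suffix makes each
    ldap_search_s fail with noSuchObject (LDAP result 32)."""
    bases = read_directive(ldap_conf, 'base')
    suffixes = read_directive(slapd_conf, 'suffix')
    if not bases or not suffixes:
        return False, 'missing BASE in ldap.conf or suffix in slapd.conf'
    base = normalize_dn(bases[0])
    if any(is_under(base, s) for s in suffixes):
        return True, 'BASE %s is under a served suffix' % base
    return False, 'BASE %s is not under any suffix: %s' % (
        base, ', '.join(normalize_dn(s) for s in suffixes))
```

Run it with the real files read from disk in place of the constructed strings; nss_ldap and pam_ldap both use the same BASE, so the check covers the su lookup as well as the login search.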