
pam_ldap+proftpd under SuSE Linux



I apologize ahead of time if this is an improper forum for asking this
question, but I've been scratching my head and racking my brain trying to
find a way to get pam_ldap to properly talk to slapd.

It seems as though pam_ldap is properly constructing the query string for
slapd, but is either not recognizing the output or is not getting any.

As a result, I cannot log in to the proftpd server.  If I enable
pam_permit, I can log in with any password, as long as the username exists
in LDAP.

This seems so straightforward in the documentation, so I am not sure what
I might be missing.  If this has been discussed, I missed it in the
archives, so if anyone has done this before, it'll save my life!

Aug 31 11:50:24 dev000 proftpd[18376]: dev000.example.com (sundev.example.com[x.x.146.94]) - FTP session opened.
Aug 31 11:50:28 dev000 slapd[18369]: daemon: conn=3 fd=10 connection from IP=::1 1906 (IP=:: 389) accepted.
Aug 31 11:50:28 dev000 slapd[18373]: conn=3 op=0 BIND dn="CN=MANAGER,DC=EXAMPLE,DC=COM" method=128
Aug 31 11:50:28 dev000 slapd[18373]: conn=3 op=0 RESULT tag=97 err=0 text=
Aug 31 11:50:28 dev000 slapd[18372]: conn=3 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(&(uid=janedoe)(objectClass=posixAccount))"
Aug 31 11:50:28 dev000 slapd[18372]: conn=3 op=1 SEARCH RESULT tag=101 err=0 text=
Aug 31 11:50:30 dev000 slapd[18373]: conn=3 op=2 UNBIND
Aug 31 11:50:30 dev000 slapd[18373]: conn=-1 fd=10 closed
Aug 31 11:50:30 dev000 slapd[18369]: daemon: conn=4 fd=10 connection from IP=::1 1907 (IP=:: 389) accepted.
Aug 31 11:50:30 dev000 slapd[18372]: conn=4 op=0 BIND dn="CN=MANAGER,DC=EXAMPLE,DC=COM" method=128
Aug 31 11:50:30 dev000 slapd[18372]: conn=4 op=0 RESULT tag=97 err=0 text=
Aug 31 11:50:30 dev000 slapd[18373]: conn=4 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(&(uid=janedoe)(objectClass=posixAccount))"
Aug 31 11:50:30 dev000 slapd[18373]: conn=4 op=1 SEARCH RESULT tag=101 err=0 text=
Aug 31 11:50:30 dev000 slapd[18372]: conn=4 op=2 SRCH base="dc=example,dc=com" scope=2 filter="(&(uid=janedoe)(objectClass=posixAccount))"
Aug 31 11:50:30 dev000 slapd[18372]: conn=4 op=2 SEARCH RESULT tag=101 err=0 text=
Aug 31 11:50:30 dev000 slapd[18369]: daemon: conn=5 fd=15 connection from IP=127.0.0.1:1908 (IP=:: 636) accepted.
Aug 31 11:50:30 dev000 proftpd[18376]: dev000.example.com (sundev.example.com[x.x.146.94]) - ProFTPD terminating (signal 11)
Aug 31 11:50:30 dev000 slapd[18369]: conn=-1 fd=10 closed
Aug 31 11:50:30 dev000 slapd[18369]: conn=-1 fd=15 closed

Here's my /etc/pam.d/proftpd:

#%PAM-1.0
#auth      required     /lib/security/pam_permit.so     debug
auth       required     /lib/security/pam_ldap.so       debug
auth       required     /lib/security/pam_shells.so
account    required     /lib/security/pam_ldap.so       debug
password   required     /lib/security/pam_ldap.so       debug

Here's my /etc/openldap/ldap.conf

# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.4.8.6 2000/09/05 17:54:38 kurt Exp $
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

base "dc=example, dc=com"
uri ldaps://127.0.0.1
host 127.0.0.1

ldap_version 3

#BASE   dc=example, dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

ssl yes
#sslpath /usr/ssl/certs


--
Jonathan Kalbfeld    M268@>6]U('!L87D@=&AI<R!M  ThoughtWave Technologies LLC
(v) +1 415 386 UNIX  97-S86=E(&)A8VMW87)D<RP@:  UNIX, Networking, Programming
(f) +1 415 358 4519  70@;65A;G,@);F]T:&EN9RX*   http://www.thoughtwave.net/
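A small log audit, added here as an example and not part of the original post or of pam_ldap, that reads slapd lines like the ones quoted above and reports which connections never performed a password check. It assumes the stock pam_ldap authentication flow (bind as the configured binddn, search for the user's entry, then bind again as the entry's own DN with the password the user typed); the sample log is constructed from the post's lines, trimmed, with a hypothetical conn=6 added to show what a completed check looks like, and the manager DN constant is assumed from the DN in the log.

```python
"""Audit slapd logs for the bind-as-user step that pam_ldap relies on.

Added example (not from the post above). Assumption: a pam_ldap password
check binds as the manager/binddn, searches for the user's entry, and then
binds as that entry's DN. A connection that only searches has verified
nothing, which is what a pam_permit-style "any password works" symptom
looks like on the server side.
"""
import re
from collections import defaultdict

# Assumed to match the binddn seen in the log (compared case-insensitively).
MANAGER_DN = "cn=Manager,dc=example,dc=com"

# Constructed sample: slapd lines from the post (conn=3..5, trimmed) plus a
# hypothetical conn=6 that completes the password check.
SAMPLE_LOG = """\
Aug 31 11:50:28 dev000 slapd[18369]: daemon: conn=3 fd=10 connection from IP=::1 1906 (IP=:: 389) accepted.
Aug 31 11:50:28 dev000 slapd[18373]: conn=3 op=0 BIND dn="CN=MANAGER,DC=EXAMPLE,DC=COM" method=128
Aug 31 11:50:28 dev000 slapd[18373]: conn=3 op=0 RESULT tag=97 err=0 text=
Aug 31 11:50:28 dev000 slapd[18372]: conn=3 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(&(uid=janedoe)(objectClass=posixAccount))"
Aug 31 11:50:28 dev000 slapd[18372]: conn=3 op=1 SEARCH RESULT tag=101 err=0 text=
Aug 31 11:50:30 dev000 slapd[18373]: conn=3 op=2 UNBIND
Aug 31 11:50:30 dev000 slapd[18373]: conn=-1 fd=10 closed
Aug 31 11:50:30 dev000 slapd[18369]: daemon: conn=4 fd=10 connection from IP=::1 1907 (IP=:: 389) accepted.
Aug 31 11:50:30 dev000 slapd[18372]: conn=4 op=0 BIND dn="CN=MANAGER,DC=EXAMPLE,DC=COM" method=128
Aug 31 11:50:30 dev000 slapd[18372]: conn=4 op=0 RESULT tag=97 err=0 text=
Aug 31 11:50:30 dev000 slapd[18373]: conn=4 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(&(uid=janedoe)(objectClass=posixAccount))"
Aug 31 11:50:30 dev000 slapd[18373]: conn=4 op=1 SEARCH RESULT tag=101 err=0 text=
Aug 31 11:50:30 dev000 slapd[18369]: daemon: conn=5 fd=15 connection from IP=127.0.0.1:1908 (IP=:: 636) accepted.
Aug 31 11:50:30 dev000 slapd[18369]: conn=-1 fd=15 closed
Aug 31 11:51:02 dev000 slapd[18369]: daemon: conn=6 fd=10 connection from IP=::1 1909 (IP=:: 389) accepted.
Aug 31 11:51:02 dev000 slapd[18373]: conn=6 op=0 BIND dn="CN=MANAGER,DC=EXAMPLE,DC=COM" method=128
Aug 31 11:51:02 dev000 slapd[18373]: conn=6 op=0 RESULT tag=97 err=0 text=
Aug 31 11:51:02 dev000 slapd[18372]: conn=6 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(&(uid=janedoe)(objectClass=posixAccount))"
Aug 31 11:51:02 dev000 slapd[18372]: conn=6 op=1 SEARCH RESULT tag=101 err=0 text=
Aug 31 11:51:02 dev000 slapd[18373]: conn=6 op=2 BIND dn="uid=janedoe,ou=People,dc=example,dc=com" method=128
Aug 31 11:51:02 dev000 slapd[18373]: conn=6 op=2 RESULT tag=97 err=0 text=
Aug 31 11:51:02 dev000 slapd[18373]: conn=6 op=3 UNBIND
"""

LINE_RE = re.compile(r"slapd\[\d+\]: (?:daemon: )?conn=(?P<conn>-?\d+) (?P<rest>.*)$")
OP_RE = re.compile(r"op=\d+ (?P<kind>BIND|SEARCH RESULT|RESULT|SRCH|UNBIND)\b(?P<args>.*)$")
PORT_RE = re.compile(r"\(IP=\S+ (?P<port>\d+)\) accepted")
DN_RE = re.compile(r'dn="(?P<dn>[^"]*)"')
UID_RE = re.compile(r"\(uid=(?P<uid>[^)]*)\)")
ERR_RE = re.compile(r"err=(?P<err>\d+)")


def parse_slapd(text):
    """Group slapd events by connection id: {conn: [(kind, args), ...]}.

    'conn=-1 ... closed' lines carry no connection id and are skipped.
    """
    conns = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        conn, rest = int(m.group("conn")), m.group("rest")
        pm = PORT_RE.search(rest)
        if pm:  # listener port tells ldap:// (389) from ldaps:// (636) apart
            conns[conn].append(("ACCEPT", pm.group("port")))
            continue
        om = OP_RE.match(rest)
        if om:
            conns[conn].append((om.group("kind"), om.group("args").strip()))
    return dict(conns)


def _err(args):
    """LDAP result code from a RESULT/SEARCH RESULT line, 0 if absent."""
    m = ERR_RE.search(args)
    return int(m.group("err")) if m else 0


def audit_pam_ldap(conns, manager_dn):
    """Return (conn, code, detail) findings for connections that verified no password."""
    findings = []
    for conn, events in sorted(conns.items()):
        if [k for k, _ in events] == ["ACCEPT"]:
            findings.append((conn, "NO_OPS",
                             f"accepted on port {events[0][1]} but no LDAP operation followed"))
            continue
        failed = [a for k, a in events if k in ("RESULT", "SEARCH RESULT") and _err(a) != 0]
        if failed:
            findings.append((conn, "LDAP_ERROR", f"server returned an error: {failed[0]}"))
        looked_up = [UID_RE.search(a).group("uid") for k, a in events if k == "SRCH" and UID_RE.search(a)]
        user_binds = [DN_RE.search(a).group("dn") for k, a in events
                      if k == "BIND" and DN_RE.search(a)
                      and DN_RE.search(a).group("dn").lower() != manager_dn.lower()]
        if looked_up and not user_binds:
            findings.append((conn, "NO_USER_BIND",
                             f"looked up uid={looked_up[0]} but never bound as that user's DN; "
                             "password was not verified"))
    return findings


if __name__ == "__main__":
    for conn, code, detail in audit_pam_ldap(parse_slapd(SAMPLE_LOG), MANAGER_DN):
        print(f"conn={conn} {code}: {detail}")
```

Run against the post's lines, conn=3 and conn=4 are flagged because the user was looked up but no second BIND as the user's DN ever reached the server, and conn=5 is flagged because the ldaps connection on port 636 was accepted and closed without a single operation; only the hypothetical conn=6, which binds as uid=janedoe after the search, passes. Reading the server log this way separates "the directory answered the search" from "the directory actually checked a password", which is the distinction that matters when a pam_permit fallback appears to work.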