[Date Prev][Date Next]
PAM LDAP naming context question
I'm a newbie to LDAP, but I have been charged with the task of setting up an
LDAP server for user authentication purposes. Further, management specifies
use of Netscape Directory Server 4.13 under Solaris 8. With some pain, I've
gotten the server working and Solaris 8 clients are able to authenticate
users with it.
However, we also have some Debian Linux boxes and I am having trouble getting
those to authenticate with the Netscape Directory Server. I don't know if
this complicates things, but I am not using 'ldap' and not 'ldaps'. After
all, I'm mainly interested in proof of concept.
On the Debian (woody) system, I have the 'libnss-ldap' and 'libpam-ldap'
packages installed and I have made appropriate customisations to
/etc/pam.d/login and /etc/ldap/ldap.conf files. It seems the PAM part is
working because I now get prompted for a password twice on a login attempt.
If the user is in the local files, login works. It seems the problem is with
the LDAP communication end of things.
Specifically, it seems the naming context is problematic. When I set up the
Netscape Directory Server, I use 'o=press.uchicago.edu' as the naming
context. I put the following lines into the /etc/ldap/ldap.conf file:
Yet, when I try to login in as 'jdoe' (creative name, I know, but it is able
to login with a Solaris client), here is what the Netscape Directory Server
[05/Dec/2001:17:06:38 -0600] conn=12 op=0 BIND dn="" method=128 version=3
[05/Dec/2001:17:06:38 -0600] conn=12 op=0 RESULT err=0 tag=97 nentries=0
etime=0[05/Dec/2001:17:06:38 -0600] conn=12 op=1 SRCH
base="dc=press,dc=uchicago,dc=edu" scope=2 filter="(uid=jdoe)"
[05/Dec/2001:17:06:38 -0600] conn=12 op=1 RESULT err=32 tag=101 nentries=0
The search is failing because the naming context is wrong. Am I missing
something or does the PAM LDAP module require that the server be set up to
use the 'dc=...' form of the naming context?
Roy Bixler <firstname.lastname@example.org>
The University of Chicago Press