Reply: tls, pam_ldap and /etc/passwd
I had the same problem and solved it on my own.
You have to compile slapd with the --with-tls support.
But my problem was that pam_ldap looked at the wrong config file.
That is, /etc/ldap.conf instead of /etc/pam_ldap.conf.
Use the URI and the port addressing to get SSL working.
Also libnss-ldap and pam_ldap have to be compiled using ssl.
Then all works perfectly.
This is my /etc/pam.d/passwd file which works for me.
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_unix_auth.so use_first_pass md5
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix_acct.so
password sufficient /lib/security/pam_ldap.so
password required /lib/security/pam_cracklib.so retry=3
mainwork information technology AG
Tech Gate Vienna
Tel: +43 1 333 48 58-0
Fax: +43 1 333 48 58-24
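As an added illustration of the two things the reply above turns on (the TLS mode a pam_ldap/nss_ldap config actually selects, and which config path and SSL library a given pam_ldap.so was built with), here is a small diagnostic script. It is not from the thread; the directive names (uri, host, port, ssl) are pam_ldap's, the sample configs are constructed, and it assumes `strings` and `ldd` are available.

```shell
#!/bin/sh
# Added example, not from the thread. Checks a pam_ldap-style config for its
# effective TLS mode and inspects a pam_ldap.so for its built-in config path
# and SSL linkage. Sample configs below are constructed for illustration.

# last_value FILE DIRECTIVE -> last non-comment value of DIRECTIVE (POSIX sed)
last_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]][[:space:]]*//p" "$1" | tail -n 1
}

# tls_mode FILE -> ldaps | start_tls | cleartext | unconfigured
tls_mode() {
    uri=$(last_value "$1" uri); ssl=$(last_value "$1" ssl); host=$(last_value "$1" host)
    case "$ssl" in
        start_tls) echo start_tls; return ;;
        on|yes)    echo ldaps; return ;;
    esac
    case "$uri" in
        ldaps://*) echo ldaps; return ;;
        ldap://*)  echo cleartext; return ;;   # plain ldap:// and no ssl directive
    esac
    if [ -n "$host" ]; then echo cleartext; else echo unconfigured; fi
}

# write_sample MODE FILE: constructed configs covering the three cases above
write_sample() {
    case "$1" in
        cleartext) printf 'host ldap.example.org\nport 389\nbase dc=example,dc=org\n' ;;
        ldaps)     printf 'host ldap.example.org\n# uri wins over host/port\nuri ldaps://ldap.example.org:636/\n' ;;
        start_tls) printf 'uri ldap://ldap.example.org/\nssl start_tls\ntls_checkpeer yes\n' ;;
    esac > "$2"
}

# module_info PATH: show the /etc/*.conf path(s) compiled into a pam_ldap.so
# (the reply's point: the module may read /etc/ldap.conf, not /etc/pam_ldap.conf)
# and whether it is linked against libssl at all.
module_info() {
    [ -f "$1" ] || { echo "no module at $1"; return 1; }
    echo "config paths built in:"
    strings "$1" | grep '^/etc/.*\.conf$' || echo "(none found)"
    if ldd "$1" | grep -q libssl; then echo "linked against libssl"
    else echo "NOT linked against libssl: rebuild pam_ldap/nss_ldap with SSL"; fi
}

# Stand-alone demo over the constructed samples, then the real module if present
for m in cleartext ldaps start_tls; do
    write_sample "$m" "/tmp/pam_ldap_$m.conf"
    echo "$m sample -> $(tls_mode "/tmp/pam_ldap_$m.conf")"
done
module_info /lib/security/pam_ldap.so || true
```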
From: <firstname.lastname@example.org>
To: "openldap-software@OpenLDAP.org" <openldap-software@OpenLDAP.org>
Sent by: owner-openldap-software@Op
Subject: tls, pam_ldap and /etc/passwd
I have been banging my head against a problem for a while now, and I could
use a hand. Maybe you could help, or point me to help.
We have set up an openldap server running on RedHat Linux 7.2. I have
a database and have more than one system working fine using the pam_ldap
modules. However, when I activate TLS, pam requires me to have a user to
match the ldap user in the system's local /etc/passwd file. This rather
defeats my goals for using LDAP in the first place.
Basically if TLS is off, then everything works OK, pulling non-local users
from LDAP. If I turn TLS on, then LDAP will not authenticate unless there is
a user in /etc/passwd.
It is entirely possible that this is performing as designed. I have been
unable to find any definitive statements on this.
Anything you could point me to would be greatly appreciated.