[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: pam ldap help


First, this is probably not the appropriate list for this question as pam-ldap is not supported by the OpenLDAP community. The best resources I found for it were in the Debian community.

That said, I got PAM-LDAP working on my Slackware 8.1 machines a few months back. Things you need to know:

1. Slackware does not support PAM out of the box. So you need to install PAM libraries and new versions of every utility that uses authentication (passwd, rlogin, login, ssh, proftpd, useradd, etc). Get this working without LDAP first (using pam_unix.so for everything.)

2. Once that's running, you need to have a good way of getting users in and out of your new directory. Plan ahead. Understand the objectClasses you want to use ahead of time.

3. Plan ahead for user and group migration. You want to make sure you are never left with no way to log in while you are setting this up. PAM can lock you out of your system completely and force you to boot to single-user mode.

Hope this helps.

Ryan Hoegg
ISIS Networks

P.S. **SHAMELESS PLUG** I do this type of consulting full time. E-mail me personally if you want some more direct help.

Peron, Stéphane wrote:

Hi all,

I am newbie in pam ldap ...
For 3 weeks, I encounter many difficulties in installing pam-ldap under
Linux slackware with last versions for my company...

I have recompiled the shadow package to bind login to libpam.
Pam-ldap has worked for a moment only with su and now doesn't work
anymore.(for ldap_initialize : problem of Time request or something like
this) It never worked for login and rlogin...

All the documentations that I found on the net are incomplete....
and most of scripts don't work .... I am about to become crazy ! ;-)

Would it be possible that someone who has installed a recent version of pam
and ldap send me all its scripts and configuration files ?
I mean :

And the scripts to create the objects and users .....

Or may be there is a web site where all these scripts are done and work with
last versions ?

I want to use this scripts without changing them, just to be sure that
pam-ldap can work for "login" and "ssh" on a box.

Many thanks for your help !!


Ce message contient des informations confidentielles ou appartenant au Crédit Lyonnais et est établi à l'intention exclusive de ses destinataires. Toute divulgation, utilisation, diffusion ou reproduction (totale ou partielle) de ce message, ou des informations qu'il contient, doit être préalablement autorisée. Tout message électronique est susceptible d'altération et son intégrité ne peut être assurée. Le Crédit Lyonnais décline toute responsabilité au titre de ce message s'il a été modifié ou falsifié. Si vous n'êtes pas destinataire de ce message, merci de le détruire immédiatement et d'avertir l'expéditeur de l'erreur de distribution et de la destruction
du message.

This e-mail contains confidential information or information belonging to Crédit Lyonnais and is intended solely for the addressees. The unauthorised disclosure, use, dissemination or copying (either whole or partial) of this e-mail, or any information it contains, is prohibited.
E-mails are susceptible to alteration and their integrity cannot be guaranteed. Crédit Lyonnais shall not be liable for this e-mail if modified or falsified.
If you are not the intended recipient of this e-mail, please delete it immediately from your system and notify the sender of the wrong delivery and the mail deletion.