
Re: problems with OpenLDAP (Debian and FreeBSD)
Matthias, I have freebsd 5.1 working, but have a slightly different setup.
I will show the differences below.

On Thu, 31 Jul 2003, Matthias Fechner wrote:

> I have here a FreeBSD-Server(5.1) with OpenLDAP 2.2.0.a_2 running.
> What I want to do is manage my user accounts with ldap.
> For this I have created a directory with ldap and created a user:
> ---
> dn: uid=test, ou=people,dc=fechner, dc=net
> objectClass: top
> objectClass: account
> objectClass: posixAccount
> objectClass: shadowAccount
> uid: test
> cn: Lester the Nightfly
> userPassword: {crypt}test

don't you mean
userPassword: {CRYPT}IChkDelBbfCM2

you can get the crypt from doing
$ slappasswd -h {crypt} -s test

> gecos: Test
> loginShell: /bin/csh
> uidNumber: 10000
> gidNumber: 10000
> homeDirectory: /home/idefix
> ---


I notice you are binding anonymously.  Make sure that anonymous has read
access.  But since it worked with Debian, I'm assuming it does.

> To use ldap under FreeBSD I have installed the pam_ldap-1.6.4 and
> pam_ldap-1.6.4.
> Then I have added under /etc/pam.d some files like login, su, sshd
> in the following line as first entry:
> auth            sufficient      /usr/local/lib/pam_ldap.so
>
May also want to add
account         sufficient      /usr/local/lib/pam_ldap.so


> Then I have configured the file ldap.conf:
> host 192.168.0.251
> base dc=fechner,dc=net
> ldap_version 3
> pam_filter objectclass=posixAccount
> pam_login_attribute uid
> nss_base_passwd ou=People,dc=fechner,dc=net
> nss_base_shadow ou=People,dc=fechner,dc=net

might want to try setting up the group for that user, for example
dn: cn=test,ou=groups,dc=fechner,dc=net
objectClass: posixgroup
cn: test
userPassword:: e2NyeXB0fSo=
gidNumber: 10000
memberUid: test

and

nss_base_group  ou=groups,dc=fechner,dc=net


>
> But all which I have tried will not work.
> What is wrong in my configuration?
>
> Thanks for an answer.
>
> --
> Best regards
> Matthias
>

If that doesn't help, do you have anything in /var/log/messages for the
error when the user tries to login?  Also, try running slapd in debug mode
by adding something like -d6 to the startup.  Then you can see exactly
what is searched and returned.  Show that debug output here and we may be
able to help some more.
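As an added illustration (not part of this thread, and not OpenLDAP or pam_ldap code), the following Python script checks an LDIF export for the two problems raised above: a userPassword that carries a {crypt} prefix but is not actually a crypt hash, and a posixAccount whose gidNumber has no matching posixGroup for nss_base_group to resolve. It also decodes the base64 ("::") form of the group's userPassword. The LDIF is constructed from the entries quoted in the mail.

```python
import base64
import re

# Constructed sample LDIF modelled on the entries in the thread; not from the mail.
SAMPLE_LDIF = """\
dn: uid=test, ou=people,dc=fechner, dc=net
objectClass: posixAccount
uid: test
userPassword: {crypt}test
gidNumber: 10000

dn: uid=ok,ou=people,dc=fechner,dc=net
objectClass: posixAccount
uid: ok
userPassword: {CRYPT}IChkDelBbfCM2
gidNumber: 10001

dn: cn=test,ou=groups,dc=fechner,dc=net
objectClass: posixGroup
gidNumber: 10000
userPassword:: e2NyeXB0fSo=
memberUid: test
"""
# A stored {CRYPT} value is a 13-char traditional DES string or a $id$... modular crypt string.
CRYPT_RE = re.compile(r"^\{CRYPT\}(?:[./0-9A-Za-z]{13}|\$[0-9a-z]+\$.+)$", re.I)

def parse_ldif(text):
    """Parse LDIF into dicts of lowercase attribute -> values; '::' marks base64 (RFC 2849)."""
    entries = []
    for block in text.strip().split("\n\n"):
        cur = {}
        for line in block.splitlines():
            attr, sep, val = re.match(r"([^:]+)(::?) ?(.*)", line).groups()
            cur.setdefault(attr.lower(), []).append(
                base64.b64decode(val).decode() if sep == "::" else val)
        entries.append(cur)
    return entries

def classes(e):
    return {c.lower() for c in e.get("objectclass", [])}

def check_passwords(entries):
    """DNs whose userPassword is neither a valid {CRYPT} hash nor the locked value {crypt}*."""
    return [e["dn"][0] for e in entries for pw in e.get("userpassword", [])
            if pw.upper() != "{CRYPT}*" and not CRYPT_RE.match(pw)]

def check_groups(entries):
    """posixAccount DNs whose gidNumber has no posixGroup entry (nss_base_group lookup fails)."""
    gids = {e["gidnumber"][0] for e in entries if "posixgroup" in classes(e)}
    return [e["dn"][0] for e in entries
            if "posixaccount" in classes(e) and e["gidnumber"][0] not in gids]
```

Run the checks against a real export with `ldapsearch -LLL ... > export.ldif` and feed that text to parse_ldif; the decoded group password shows as `{crypt}*`, which slapd can never match, so it simply cannot be used to bind.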