[Date Prev][Date Next] [Chronological] [Thread] [Top]

Question About pam_ldap -> openldap authentication and login !!!

To: openldap-software@OpenLDAP.org
Subject: Question About pam_ldap -> openldap authentication and login !!!
From: f.skale@mainwork.com
Date: Thu, 28 Mar 2002 16:26:39 +0100

I set up an open-ldap server (slapd) as show in the documentation provided
on the website.
The i configured pam_ldap in the ldap.conf.
I changed the pam.d/login and passwd file according to  use ldap as
authentication server.
Then i wanted to login with the User i created (posixAccount with auth
crypt) on the ldap server.
The output of the auth.log of the client machine looks like that:
pam_ldap: error trying to bind as user
"uid=Admin,ou=Admins,ou=customers,o=test company,dc=test,dc=com"
(Insufficient access)
So i opened the whole ldap Server to defaultaccess write.
But the error still exists.
So i decided to change the loglevel to see what happens on the ldap server
with that output:
daemon: conn=19 fd=9 connection from IP=192.168.30.227:32843
(IP=0.0.0.0:34049) accepted.
conn=19 op=0 BIND dn="CN=MANAGER,DC=TEST,DC=COM" method=128
conn=19 op=0 RESULT tag=97 err=0 text=
conn=19 op=1 SRCH base="dc=TEST,dc=COM" scope=2 filter="(uid=Admin)"
ldap connection attempt from [192.168.30.227]
conn=19 op=1 SEARCH RESULT tag=101 err=0 text=
conn=19 op=2 BIND dn="UID=ADMIN,OU=ADMINS,OU=MAINHOST01,O=TEST TEST
COMPANY,DC=TEST,DC=COM" method=128
conn=19 op=2 RESULT tag=97 err=50 text=
conn=19 op=3 BIND dn="CN=MANAGER,DC=TEST,DC=COM" method=128
conn=19 op=3 RESULT tag=97 err=0 text=
conn=-1 fd=9 closed
If i use the ldapsearch Admin is returned. (GQ).
The i tried the same thing with the proftp-ldap server.
The Auth to the ldap server succeeded but than the PAM send this output to
the auth.log:
PAM(Admin): Authentication service cannot retrieve authentication info..
I see that the proftpserver connects to the ldap server, binds and then
search for the uid=Admin which suceeded.
The userPassword attr. is also read.
But what's the error message of PAM ?.
I used the simplest way of configuration of testing the ldap to implement
it in the future with kerberos and sasl.
But now i see that even the "dummy" way is not working.

Does anyone have a clue to get the thing working or am i comletely wrong
with my installation.


Thanks in advance


Franz

Prev by Date: AW: Slapd listens only on 636
Next by Date: RE: Slapd listens only on 636
Index(es):
- Chronological
- Thread