[ale] OpenLDAP: So close and yet so far
Jim Kinney
jim.kinney at gmail.com
Wed Jun 3 11:16:03 EDT 2009

Is the ldap stuff in pam? It looks like user authentication is failing
inside of pam. pam _knows_ how it's being called and all the bits must
line up. You will need nss_ldap for pam to work properly.

Also, use TLS and set up the server cert (bogus is OK if manually
approved and added on client). This will allow even winders clients to
auth over ldap.

On Wed, Jun 3, 2009 at 10:12 AM, Jeff Hubbs <jeffrey.hubbs at gmail.com> wrote:
> I've gotten an OpenLDAP server running and an OpenLDAP client configured
> (same machine for now, but other clients will follow once I finally get this
> working) to the point where if I try to log in to the client, I get
> "sshd[3069]: pam_ldap: error trying to bind as user
> "uid=jeffldap,ou=Users,dc=clacorp,dc=com" (Invalid credentials)" in
> /var/log/messages. I don't get that message if I use some random
> known-not-good username, but I do get it if I use the right username but a
> bad password. I can use the right password to run ldapsearch for myself *as
> myself* and get a good result and ldapwhoami also works. Where might I have
> gone wrong?
>
> - Jeff
--
James P. Kinney III
Actively in pursuit of Life, Liberty and Happiness
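
The reply above names three pieces that have to line up on the client: nss_ldap, pam_ldap in the PAM stack, and TLS with a trusted server cert. The script below is an added example, not part of the original thread, that checks copies of the three config files for each piece. It assumes PADL-style `ldap.conf` keys (`ssl`, `tls_cacertfile`, `tls_checkpeer`); the function names, the host `ldap.example.com` and all file contents are constructed for illustration.

```shell
#!/bin/sh
# check_ldap_login NSSWITCH PAM_FILE LDAP_CONF
# Prints one line per missing piece; exit status 0 only if nothing is missing.
check_ldap_login() {
    rc=0
    # nss_ldap: passwd lookups must consult ldap so the uid resolves at all
    grep -Eq '^[[:space:]]*passwd:.*[[:space:]]ldap([[:space:]]|$)' "$1" ||
        { echo "nss: passwd does not list ldap"; rc=1; }
    # pam: an uncommented auth line must load pam_ldap.so
    grep -Eq '^[[:space:]]*auth[[:space:]].*pam_ldap\.so' "$2" ||
        { echo "pam: no auth line loads pam_ldap.so"; rc=1; }
    # TLS: either an ldaps:// URI or "ssl start_tls" / "ssl on"
    grep -Eiq '^[[:space:]]*(uri[[:space:]]+ldaps://|ssl[[:space:]]+(start_tls|on)([[:space:]]|$))' "$3" ||
        { echo "tls: no ldaps:// uri and no ssl start_tls/on"; rc=1; }
    # A self-signed ("bogus") server cert still has to be trusted on the client
    grep -Eiq '^[[:space:]]*tls_cacert(file|dir)[[:space:]]+/' "$3" ||
        { echo "tls: no tls_cacertfile/tls_cacertdir"; rc=1; }
    # tls_checkpeer no accepts any certificate, approved or not
    if grep -Eiq '^[[:space:]]*tls_checkpeer[[:space:]]+no([[:space:]]|$)' "$3"; then
        echo "tls: tls_checkpeer is no"; rc=1
    fi
    return $rc
}

# Constructed sample files: one set with every piece present, one with none.
write_samples() {   # $1 = directory to write into
    printf 'passwd: files ldap\nshadow: files ldap\n' > "$1/nsswitch.good"
    printf 'passwd: files\n' > "$1/nsswitch.bad"
    printf 'auth sufficient pam_unix.so\nauth sufficient pam_ldap.so use_first_pass\n' > "$1/pam.good"
    printf '#auth sufficient pam_ldap.so\nauth required pam_unix.so\n' > "$1/pam.bad"
    printf 'uri ldap://ldap.example.com/\nbase dc=clacorp,dc=com\nssl start_tls\n' > "$1/ldap.good"
    printf 'tls_cacertfile /etc/ssl/certs/example-ca.pem\ntls_checkpeer yes\n' >> "$1/ldap.good"
    printf 'uri ldap://ldap.example.com/\nbase dc=clacorp,dc=com\ntls_checkpeer no\n' > "$1/ldap.bad"
}

dir=$(mktemp -d)
write_samples "$dir"
check_ldap_login "$dir/nsswitch.good" "$dir/pam.good" "$dir/ldap.good" && echo "good set: ok"
check_ldap_login "$dir/nsswitch.bad" "$dir/pam.bad" "$dir/ldap.bad" || echo "bad set: findings above"
```

On a real client, pass the actual paths (for example `/etc/nsswitch.conf`, the PAM file used by sshd, and the `ldap.conf` that pam_ldap reads); these locations vary by distribution.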