On Thu, Jun 13, 2002 at 04:07:30PM -0700, David Wright wrote:
| 
| Looking over your files, I see quite a few problems:
| 
| 1) You need to configure nss_ldap.conf as well as pam_ldap.conf.

Umm, I don't have that ... I need to install libnss-ldap ... that
really helps :-).
 
| 2) The lines in nsswitch.conf should really be "files ldap" not "ldap
| files", i.e. local data takes precedence.

You're right.  I think the howtos I read had it reversed (and they
were meant for RH, of course).
 
| 3) You need to tell pam.d/login to use the same password for pam_unix that
| it tried to use for pam_ldap:
|   auth    sufficient     pam_ldap.so
|   auth    required       pam_unix.so nullok try_first_pass

Hmm, ok.  The docs I read didn't mention that.
 
| 4) In pam_ldap.conf, it's best not to bind as anyone.

Right.  When all else fails, it doesn't hurt to try.

| pam_ldap will attempt to bind with the given password and that will
| be the test. You'll need to use
|   pam_password exop
| if you still want to change user passwords with this setup.

Ok, thanks.

After correcting #1, all is well.  Thanks for noticing that!

-D

-- 

Who can say, "I have kept my heart pure;
I am clean and without sin"?
        Proverbs 20:9
 
http://dman.ddts.net/~dman/

Attachment: pgpadj8AKWzEz.pgp
Description: PGP signature

Reply via email to