Hi,

 I'm trying to set up an environment where I want my users for main
services, such as sshd, samba and so on, to auth on an LDAP server.
 I installed pam_ldap and I have my LDAP up. After following some
guides, I have a problem which I don't know how to solve. When I type
in the shell:

# getent passwd
{the content of /etc/passwd file}
after this...
request done: ld 0x51cda0 msgid 1
request done: ld 0x5445e0 msgid 1
request done: ld 0x5445e0 msgid 1
request done: ld 0x5445e0 msgid 1
request done: ld 0x5445e0 msgid 1
request done: ld 0x5445e0 msgid 1
request done: ld 0x5445e0 msgid 1

When I check the syslogd file I can see:

Jun 22 03:17:02 embedded slapd[23890]: conn=22 fd=12 ACCEPT from IP=150.165.63.1:57920 (IP=0.0.0.0:636)
Jun 22 03:17:02 embedded slapd[23890]: conn=22 fd=12 TLS established tls_ssf=256 ssf=256
Jun 22 03:17:02 embedded slapd[23890]: conn=22 op=0 STARTTLS
Jun 22 03:17:02 embedded slapd[23890]: conn=22 op=0 RESULT oid= err=1 text=TLS already started
Jun 22 03:17:02 embedded getent: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)...
Jun 22 03:17:02 embedded slapd[23890]: conn=22 op=1 UNBIND
Jun 22 03:17:02 embedded slapd[23890]: conn=22 fd=12 closed
Jun 22 03:17:02 embedded slapd[23890]: connection_read(12): no connection!

I'm using TLS and everything seems to work fine when using
phpldapadmin, lam and the LDAP command-line tools such as ldapsearch and
ldapadd (when I use the -x option, in this last case).

Well, here are the main configuration files:

/etc/openldap/ldap.conf

BASE    dc=embedded,o=Embedded,c=BR
URI     ldaps://myhost.mydomain.com
TLS_REQCERT  allow
PORT 636

/etc/ldap.conf

host myhost.mydomain.com
base o=Embedded,c=BR
uri ldaps://myhost.mydomain.com/
binddn cn=Manager,o=Embedded,c=BR
rootbinddn cn=Manager,o=Embedded,c=BR
port 636
pam_filter objectclass=account
pam_login_attribute uid
pam_password md5
debug 256
logdir /var/log/nss_ldap
nss_base_passwd         ou=People,o=Embedded,c=BR
nss_base_shadow         ou=People,o=Embedded,c=BR
nss_base_group          ou=Group,o=Embedded,c=BR
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/ssl/ldap.pem
tls_cacertdir /etc/ssl

In which format should I enter the secret password in the /etc/ldap.secret
file? I'm putting something like:

{MD5}md5-hash-here

Is it correct?

I also made the proper changes in /etc/nsswitch.conf and /etc/pam.d/system-auth.

Can someone help me? Any pointer/suggestion will be gratefully accepted.

Thank you,

Leandro.


--
Leandro Melo de Sales.
Computer Science Student
Laboratório de Sistemas Distribuídos - www.lsd.ufcg.edu.br
Laboratório de Sistemas Embarcados e Computação Pervasiva -
www.embeddedacademy.org
Universidade Federal de Campina Grande - UFCG
Campina Grande - PB - Brasil
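As an added illustration (not part of Leandro's post, and not code from nss_ldap or OpenLDAP), here is a small Python linter for nss_ldap/pam_ldap-style /etc/ldap.conf files. It flags the combination the slapd log above shows: an ldaps:// URI on port 636 (TLS from the first byte) together with `ssl start_tls`, which makes the client issue STARTTLS on a connection that is already TLS, and it also checks that `tls_checkpeer yes` has a CA to verify against. The sample configurations are constructed from the lines quoted in the post.

```python
# Constructed sample: the TLS-relevant lines of the /etc/ldap.conf quoted in the post.
POSTED_CONF = """\
uri ldaps://myhost.mydomain.com/
port 636
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/ssl/ldap.pem
"""

# Constructed sample: the same file with LDAPS requested consistently ("ssl on").
CONSISTENT_CONF = POSTED_CONF.replace("ssl start_tls", "ssl on")


def parse_conf(text):
    """Parse nss_ldap/pam_ldap style 'key value' lines into a dict (keys lower-cased)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)          # key, then the rest of the line as the value
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def lint_tls(conf):
    """Return human-readable findings about inconsistent TLS settings in the parsed file."""
    findings = []
    uri = conf.get("uri", "").lower()
    ssl_mode = conf.get("ssl", "no").lower()
    port = conf.get("port", "")
    if uri.startswith("ldaps://") and ssl_mode == "start_tls":
        # ldaps:// negotiates TLS before any LDAP operation is sent; sending the
        # STARTTLS extended operation on top of it is what slapd answers with
        # err=1 "TLS already started", after which nss_ldap drops the connection.
        findings.append("uri ldaps:// combined with 'ssl start_tls': TLS would be started twice")
    if port == "636" and ssl_mode == "start_tls":
        findings.append("port 636 is the LDAPS port; STARTTLS is used on a plain ldap:// connection")
    if conf.get("tls_checkpeer", "no").lower() == "yes" and not (
        conf.get("tls_cacertfile") or conf.get("tls_cacertdir")
    ):
        findings.append("tls_checkpeer yes without tls_cacertfile/tls_cacertdir: peer cannot be verified")
    return findings


if __name__ == "__main__":
    for name, text in (("posted", POSTED_CONF), ("consistent", CONSISTENT_CONF)):
        print(name, lint_tls(parse_conf(text)) or ["no TLS inconsistencies found"])
```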

--
gentoo-user@gentoo.org mailing list