Yes, it was an upgrade from libpam-ldap, and probably made even more confusing because I deploy using puppet (which is currently not running on this client, so it doesn't muck with all the manual changes that I've been making to this test server). Thus nsswitch.conf, ldap.conf (both padl & openldap files), pam.d/common-password, pam.d/common-session are all deployed by puppet. /etc/pam.d/common-account is not, however, so that was obviously put there at the original install of 10.04 & pam-ldap. It is certain that I am not running things like dpkg-reconfigure libpam-ldap(d) nor pam-auth-update, as I have been asserting the contents of pam.d/common-* via puppet.

Clearly this fixed it, as after running dpkg-reconfigure libpam-ldapd I was indeed 'blocked' from access (and yes, it was with a pre-shared key). Then after adding the hostname back into my LDAP profile, I was indeed allowed to access, so it would appear that this is workable (though I will have to sort through pam.d/common-* to see what changes, as I did have some customizations). I didn't change nsswitch to remove ldap from shadow and it didn't seem to matter, and I'm unclear what the difference is either way.

Thanks - I suppose you can close this as notabug but rather excessive customization interference by end user

--
https://bugs.launchpad.net/bugs/992737
Title: Ineffective pam_authz_search filter
