nslcd (via pam), pam_authz_search and active directory
- From: "btb [at] bitrate.net" <btb [at] bitrate.net>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: nslcd (via pam), pam_authz_search and active directory
- Date: Tue, 09 Nov 2010 11:02:39 -0500
hi-
i'm trying to use pam_authz_search, but it appears (at least based on
the debug output of nslcd) that it is not being used. i'm hoping
someone can tell me what i'm doing wrong (or what i'm missing).
nslcd.conf and nslcd debug output below.
thanks
-ben
>egrep -v '(^[[:space:]]*#|^[[:space:]]*$)' nslcd.conf
uid nslcd
gid nslcd
uri ldap://jupiter.example.com/
base ou=staff,ou=people,dc=example,dc=com
binddn cn=orb_nslcd,ou=orb.example.com,ou=service_accounts,dc=example,dc=com
bindpw xxxxxxxxxxxxxxxxxxxxxxxxxxxx
ssl start_tls
tls_reqcert allow
tls_cacertfile /etc/ssl/certs/ca-certificates.crt
pam_authz_search
(&(objectClass=user)(memberof=cn=orb2_virtualbox,ou=orb.example.com,ou=service_accounts,dc=example,dc=com))
filter passwd (objectClass=user)
map passwd uid samaccountname
>nslcd -d
nslcd: DEBUG: add_uri(ldap://jupiter.example.com/)
nslcd: DEBUG: ldap_set_option(LDAP_OPT_X_TLS_REQUIRE_CERT,3)
nslcd: DEBUG: ldap_set_option(LDAP_OPT_X_TLS_CACERTFILE,"/etc/ssl/certs/ca-certificates.crt")
nslcd: version 0.7.12 starting
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): No such file or directory
nslcd: cannot setgroups(0,NULL) (ignored): Operation not permitted
nslcd: DEBUG: setgid(113) done
nslcd: DEBUG: setuid(105) done
nslcd: accepting connections
nslcd: [8b4567] DEBUG: connection from pid=15466 uid=103 gid=110
nslcd: [8b4567] DEBUG: nslcd_pam_authc("jdoe","","vrdpauth","***")
nslcd: [8b4567] DEBUG: myldap_search(base="ou=staff,ou=people,dc=example,dc=com", filter="(&(objectClass=user)(samaccountname=jdoe))")
nslcd: [8b4567] DEBUG: ldap_initialize(ldap://jupiter.example.com/)
nslcd: [8b4567] DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_start_tls_s()
nslcd: [8b4567] DEBUG: ldap_simple_bind_s("cn=orb_nslcd,ou=orb.example.com,ou=service_accounts,dc=example,dc=com","***") (uri="ldap://jupiter.example.com/")
nslcd: [8b4567] DEBUG: myldap_search(base="CN=jdoe,OU=_Infotech,OU=staff,OU=people,dc=example,dc=com", filter="(objectClass=user)")
nslcd: [8b4567] DEBUG: ldap_initialize(ldap://jupiter.example.com/)
nslcd: [8b4567] DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_start_tls_s()
nslcd: [8b4567] DEBUG: ldap_simple_bind_s("CN=jdoe,OU=_Infotech,OU=staff,OU=people,dc=example,dc=com","***") (uri="ldap://jupiter.example.com/")
nslcd: [8b4567] DEBUG: ldap_unbind()
nslcd: [8b4567] DEBUG: bind successful
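
One way to check the observation in the post against the debug output, as an added example that is not part of the original message or of nss-pam-ldapd: the script rejoins mail-wrapped log records, lists the PAM requests nslcd logged, and tests whether any LDAP search carried the configured pam_authz_search filter. The sample log is a shortened, constructed copy of the output above, and the function names are this example's own.

```python
import re

# Constructed sample: shortened copy of the posted debug output, mail wraps kept.
SAMPLE_LOG = '''\
nslcd: [8b4567] DEBUG: connection from pid=15466 uid=103 gid=110
nslcd: [8b4567] DEBUG: nslcd_pam_authc("jdoe","","vrdpauth","***")
nslcd: [8b4567] DEBUG:
myldap_search(base="ou=staff,ou=people,dc=example,dc=com",
filter="(&(objectClass=user)(samaccountname=jdoe))")
nslcd: [8b4567] DEBUG:
myldap_search(base="CN=jdoe,OU=_Infotech,OU=staff,OU=people,dc=example,dc=com",
filter="(objectClass=user)")
nslcd: [8b4567] DEBUG: bind successful
'''
# pam_authz_search value from the posted nslcd.conf
AUTHZ_FILTER = ("(&(objectClass=user)(memberof=cn=orb2_virtualbox,"
                "ou=orb.example.com,ou=service_accounts,dc=example,dc=com))")

PAM_RE = re.compile(r'DEBUG: nslcd_pam_(\w+)\("([^"]*)"')
SEARCH_RE = re.compile(r'myldap_search\(base="[^"]*",\s*filter="(.*)"\)\s*$')

def unwrap(text):
    """Rejoin wrapped records; every real record starts with 'nslcd:'."""
    records = []
    for line in text.splitlines():
        if line.startswith("nslcd:") or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Return ([(pam_action, user)], [ldap_search_filter]) in log order."""
    pam, filters = [], []
    for rec in unwrap(text):
        if m := PAM_RE.search(rec):
            pam.append((m.group(1), m.group(2)))
        if m := SEARCH_RE.search(rec):
            filters.append(m.group(1))
    return pam, filters

def authz_filter_seen(text, authz_filter):
    """True if any logged search carried the configured authz filter."""
    norm = lambda s: re.sub(r"\s+", "", s).lower()
    return any(norm(authz_filter) in norm(f) for f in summarize(text)[1])

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG)[0], authz_filter_seen(SAMPLE_LOG, AUTHZ_FILTER))
```

On this trace the only PAM request logged is authc for jdoe, and neither search carries the memberof filter.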