lists.arthurdejong.org
RSS feed

Newbie - user authentication failing.

[Date Prev][Date Next] [Thread Prev][Thread Next]

Newbie - user authentication failing.



Hi,

I am trying to use nss-pam-ldapd for the following reasons -
1. It gives me flexibity to authenticate users even if unix attributes
like gid, homeDirectory, loginShell are not present on the directory
server by overriding those attributes.

I read that I can override the home directory to /home/$uid. This was
my major requirement. I also wanted a confirmation that I can set the
home directory path to /home/$uid even if the home directory attribute
is set to a different path (like /users/unix) on the directory server.

Another question I had was, should I still configure openldap client
for nss-pam-ldapd ?. I am using SLES (10, sp2) and my openldap
configuration file is /etc/openldap/ldap.conf

I followed the documentation to configure nss-pam-ldapd.

I need to configure it against both LDAP servers and Active Directory servers.

I have started with LDAP server and I have set the configurations in
/etc/nslcd.conf

- uri ldap://<ip>
- base    dc=example,dc=comp,dc=com
- binddn cn=Administrator,dc=example,dc=comp,dc=com
- bindpw secret
- scope sub

I have not enabled any other configurations for LDAP server
authentication. I started nslcd daemon and "getent passwd" gives all
the LDAP server entries.

If I try "su - test_user', it just throws me an error "su: user
test_user does not exist, where test_user is from an ldap server and
'getent passwd' lists it.

If I try ssh with the user account, I see that nslcd is trying the
same user account for binding.

nslcd: [b127f8] DEBUG:
ldap_simple_bind_s("uid=test_user,dc=example,dc=comp,dc=com","***")
(uri="ldap://1<ip>")
nslcd: [b127f8] DEBUG: failed to bind to LDAP server ldap://<ip>:
Invalid credentials
nslcd: [b127f8] DEBUG: ldap_unbind()
nslcd: [b127f8] lookup of user uid=test_user,dc=example,dc=comp,dc=com
failed: Invalid credentials


I am stuck in this and am not able to continue.

Thanks,
Vinay
-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users