lists.arthurdejong.org

Re: Newbie - user authentication failing.



Hi,

If I stop nscd, then the user authentication works.

I am not getting what could be the reason.

Thanks,
Vinay


On Thu, Feb 10, 2011 at 1:25 PM, Vinay Kalkoti <kalkoti.vinay@gmail.com> wrote:
> Hi,
>
> I am trying to use nss-pam-ldapd for the following reasons -
> 1. It gives me flexibility to authenticate users even if unix attributes
> like gid, homeDirectory, loginShell are not present on the directory
> server by overriding those attributes.
>
> I read that I can override the home directory to /home/$uid. This was
> my major requirement. I also wanted a confirmation that I can set the
> home directory path to /home/$uid even if the home directory attribute
> is set to a different path (like /users/unix) on the directory server.
>
> Another question I had was, should I still configure openldap client
> for nss-pam-ldapd? I am using SLES (10, sp2) and my openldap
> configuration file is /etc/openldap/ldap.conf
>
> I followed the documentation to configure nss-pam-ldapd.
>
> I need to configure it against both LDAP servers and Active Directory servers.
>
> I have started with LDAP server and I have set the configurations in
> /etc/nslcd.conf
>
> - uri ldap://<ip>
> - base    dc=example,dc=comp,dc=com
> - binddn cn=Administrator,dc=example,dc=comp,dc=com
> - bindpw secret
> - scope sub
>
> I have not enabled any other configurations for LDAP server
> authentication. I started nslcd daemon and "getent passwd" gives all
> the LDAP server entries.
>
> If I try "su - test_user", it just throws me an error "su: user
> test_user does not exist", where test_user is from an ldap server and
> 'getent passwd' lists it.
>
> If I try ssh with the user account, I see that nslcd is trying the
> same user account for binding.
>
> nslcd: [b127f8] DEBUG:
> ldap_simple_bind_s("uid=test_user,dc=example,dc=comp,dc=com","***")
> (uri="ldap://1<ip>")
> nslcd: [b127f8] DEBUG: failed to bind to LDAP server ldap://<ip>:
> Invalid credentials
> nslcd: [b127f8] DEBUG: ldap_unbind()
> nslcd: [b127f8] lookup of user uid=test_user,dc=example,dc=comp,dc=com
> failed: Invalid credentials
>
>
> I am stuck in this and am not able to continue.
>
> Thanks,
> Vinay
>