
Re:- Obtaining login attributes from ldap server



Hi,

I am having trouble obtaining user-related info (gid, loginshell, home directory) from the ldap server.

My ldap server entry:

dn: uid=karthik,ou=People,dc=unixmen-test,dc=com
uid: karthik
cn: Manager
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$1$dXpSo2yr$xMRWGLq2xxM.pIvtT/yPh0
shadowLastChange: 16225
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 501
gidNumber: 501
homeDirectory: /home/karthik


I have nslcd running on my client and my conf file points to the correct address.

My pam.conf file has the following entries:

auth     sufficient                     /lib/security/pam_radius_auth.so try_first_pass
account  required                       /lib/security/pam_ldap.so debug
password required                       /lib/security/pam_ldap.so debug
session  required                       /lib/security/pam_ldap.so debug


The idea behind the setup is to prevent adding entries to the /etc/passwd file. I have also updated the nsswitch.conf file to add ldap.

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap


However, I see that the pam_ldap library requests only uid and uidnumber from the ldap server. The attribute list for the request to the ldap server does not have loginshell or homedirectory.

Can someone let me know how to get the value of the following attributes from the ldap server?

Thanks
Karthik
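
Home directory, login shell and GID are account data that applications read through the NSS passwd map (the `passwd:` line in nsswitch.conf), not through the PAM stack. The following Python code is an added example, not part of the original post or of nss-pam-ldapd: it checks a copy of the posted entry against the RFC 2307 posixAccount attributes and renders it in passwd(5) field order. The function names, the "*" password field and the gecos-to-cn fallback are assumptions of this example.

```python
# Added example, not from the post or nss-pam-ldapd. RFC 2307 posixAccount MUST attributes:
REQUIRED = ("cn", "uid", "uidNumber", "gidNumber", "homeDirectory")

# Constructed sample: the entry from the post, userPassword and shadow* left out.
SAMPLE_LDIF = """\
dn: uid=karthik,ou=People,dc=unixmen-test,dc=com
uid: karthik
cn: Manager
objectClass: account
objectClass: posixAccount
loginShell: /bin/bash
uidNumber: 501
gidNumber: 501
homeDirectory: /home/karthik
"""
# Constructed sample: map lines as in the post's nsswitch.conf.
SAMPLE_NSSWITCH = "passwd:         compat ldap\ngroup:          compat ldap\n"

def parse_ldif_entry(text):
    """Parse one plain 'attr: value' LDIF entry (no base64 or folded lines)."""
    entry = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            key, _, value = line.partition(":")
            entry.setdefault(key.strip(), []).append(value.strip())
    return entry

def missing_posix_attrs(entry):
    """Return what the entry lacks to be usable as a passwd record."""
    if "posixAccount" not in entry.get("objectClass", []):
        return ["objectClass: posixAccount"]
    return [attr for attr in REQUIRED if attr not in entry]

def passwd_line(entry):
    """Render the entry in passwd(5) field order."""
    def first(attr, default=""):
        return entry.get(attr, [default])[0]
    # Assumptions: password field shown as "*", gecos falls back to cn.
    fields = [first("uid"), "*", first("uidNumber"), first("gidNumber"),
              first("gecos", first("cn")), first("homeDirectory"), first("loginShell")]
    return ":".join(fields)

def nss_sources(nsswitch_text, database):
    """Return the ordered sources configured for one NSS database."""
    for line in nsswitch_text.splitlines():
        name, sep, rest = line.split("#", 1)[0].partition(":")
        if sep and name.strip() == database:
            return rest.split()
    return []
```

On the client, `getent passwd karthik` shows what the NSS lookup actually returns, for comparison with the rendered line.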
