
LDAP password is "INCORRECT"


LDAP password is "INCORRECT"



Hi Everyone,

I'm attempting to add LDAP authentication (against Windows Active Directory) to 
an embedded Linux system.  I'm learning as I go so I'm sure I have a lot wrong. 
 In Wireshark I noticed that the bind password was "INCORRECT" instead of the 
entered password.  I haven't figured out what's wrong, so I thought I'd ask:
what is generating that password?

Thanks and Regards,

...doug


#
# nslcd output
#
nslcd: DEBUG: NSS_LDAP nss-pam-ldapd 0.9.5
nslcd: DEBUG: CFG: threads 5
nslcd: DEBUG: CFG: uid nslcd
nslcd: DEBUG: CFG: gid 1005
nslcd: DEBUG: CFG: uri ldap://10.17.32.4/
nslcd: DEBUG: CFG: ldap_version 3
nslcd: DEBUG: CFG: binddn cn=Spam 
LDAP,ou=ServicesAccounts,ou=UserIDs,dc=domain,dc=com
nslcd: DEBUG: CFG: bindpw ***
nslcd: DEBUG: CFG: base ou=ServicesAccounts,ou=UserIDs,dc=domain,dc=com
nslcd: DEBUG: CFG: scope sub
nslcd: DEBUG: CFG: deref never
nslcd: DEBUG: CFG: referrals no
nslcd: DEBUG: CFG: filter aliases (objectClass=nisMailAlias)
nslcd: DEBUG: CFG: filter ethers (objectClass=ieee802Device)
nslcd: DEBUG: CFG: filter group (|(objectClass=group)(objectClass=person))
nslcd: DEBUG: CFG: filter hosts (objectClass=ipHost)
nslcd: DEBUG: CFG: filter netgroup (objectClass=nisNetgroup)
nslcd: DEBUG: CFG: filter networks (objectClass=ipNetwork)
nslcd: DEBUG: CFG: filter passwd (objectClass=user)
nslcd: DEBUG: CFG: filter protocols (objectClass=ipProtocol)
nslcd: DEBUG: CFG: filter rpc (objectClass=oncRpc)
nslcd: DEBUG: CFG: filter services (objectClass=ipService)
nslcd: DEBUG: CFG: filter shadow (objectClass=user)
nslcd: DEBUG: CFG: map group userPassword "*"
nslcd: DEBUG: CFG: map passwd uid cn
nslcd: DEBUG: CFG: map passwd userPassword "*"
nslcd: DEBUG: CFG: map passwd gecos cn
nslcd: DEBUG: CFG: map passwd homeDirectory "/home/$cn"
nslcd: DEBUG: CFG: map passwd loginShell "/bin/sh"
nslcd: DEBUG: CFG: map shadow uid cn
nslcd: DEBUG: CFG: map shadow userPassword "*"
nslcd: DEBUG: CFG: map shadow shadowLastChange "${shadowLastChange:--1}"
nslcd: DEBUG: CFG: map shadow shadowMin "${shadowMin:--1}"
nslcd: DEBUG: CFG: map shadow shadowMax "${shadowMax:--1}"
nslcd: DEBUG: CFG: map shadow shadowWarning "${shadowWarning:--1}"
nslcd: DEBUG: CFG: map shadow shadowInactive "${shadowInactive:--1}"
nslcd: DEBUG: CFG: map shadow shadowExpire "${shadowExpire:--1}"
nslcd: DEBUG: CFG: map shadow shadowFlag "${shadowFlag:-0}"
nslcd: DEBUG: CFG: bind_timelimit 10
nslcd: DEBUG: CFG: timelimit 0
nslcd: DEBUG: CFG: idle_timelimit 0
nslcd: DEBUG: CFG: reconnect_sleeptime 1
nslcd: DEBUG: CFG: reconnect_retrytime 10
nslcd: DEBUG: CFG: ssl off
nslcd: DEBUG: CFG: tls_reqcert demand
nslcd: DEBUG: CFG: pagesize 1000
nslcd: DEBUG: CFG: nss_min_uid 0
nslcd: DEBUG: CFG: nss_nested_groups no
nslcd: DEBUG: CFG: validnames /^[a-z0-9._@$()]([a-z0-9._@$() 
\~-]*[a-z0-9._@$()~-])?$/i
nslcd: DEBUG: CFG: ignorecase no
nslcd: DEBUG: CFG: pam_authz_search (&(objectClass=user)(uid=$username))
nslcd: DEBUG: CFG: cache dn2uid 15m 15m
nslcd: version 0.9.5 starting
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): No such file 
or directory
nslcd: DEBUG: initgroups("nslcd",1005) done
nslcd: DEBUG: setgid(1005) done
nslcd: DEBUG: setuid(1006) done
nslcd: accepting connections
nslcd: [8b4567] DEBUG: connection from pid=1990 uid=0 gid=0
nslcd.c:339:read_header: READ       : var=&tmpint32 size=4
nslcd.c:339:read_header: 00 00 00 02
nslcd.c:339:read_header: READ_INT32 : var=protocol int32==00000002
nslcd.c:346:read_header: READ       : var=&tmpint32 size=4
nslcd.c:346:read_header: 00 08 00 01
nslcd.c:346:read_header: READ_INT32 : var=*action int32==00080001
passwd.c:575:nslcd_passwd_byname: READ       : var=&tmpint32 size=4
passwd.c:575:nslcd_passwd_byname: 00 00 00 08
passwd.c:575:nslcd_passwd_byname: READ_STRING: var=name strlen=8
passwd.c:575:nslcd_passwd_byname: READ       : var=name size=8
passwd.c:575:nslcd_passwd_byname: 64 6f 75 67 74 65 73 74
passwd.c:575:nslcd_passwd_byname: READ_STRING: var=name string="dougtest"
passwd.c:575:nslcd_passwd_byname: WRITE_INT32 : var=0x00000002 int32=00000002
passwd.c:575:nslcd_passwd_byname: WRITE       : var=&tmpint32 size=4
passwd.c:575:nslcd_passwd_byname: 00 00 00 02
passwd.c:575:nslcd_passwd_byname: WRITE_INT32 : var=0x00080001 int32=00080001
passwd.c:575:nslcd_passwd_byname: WRITE       : var=&tmpint32 size=4
passwd.c:575:nslcd_passwd_byname: 00 08 00 01
nslcd: [8b4567] <passwd="dougtest"> DEBUG: 
myldap_search(base="ou=ServicesAccounts,ou=UserIDs,dc=domain,dc=com", 
filter="(&(objectClass=user)(cn=dougtest))")
nslcd: [8b4567] <passwd="dougtest"> DEBUG: ldap_initialize(ldap://10.17.32.4/)
nslcd: [8b4567] <passwd="dougtest"> DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] <passwd="dougtest"> DEBUG: 
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] <passwd="dougtest"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] <passwd="dougtest"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [8b4567] <passwd="dougtest"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [8b4567] <passwd="dougtest"> DEBUG: 
ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [8b4567] <passwd="dougtest"> DEBUG: 
ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_OFF)
nslcd: [8b4567] <passwd="dougtest"> DEBUG: 
ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] <passwd="dougtest"> DEBUG: ldap_simple_bind_s("cn=Spam 
LDAP,ou=ServicesAccounts,ou=UserIDs,dc=domain,dc=com","***") 
(uri="ldap://10.17.32.4/";)
nslcd: [8b4567] <passwd="dougtest"> DEBUG: ldap_result(): 
CN=dougtest,OU=ServicesAccounts,OU=UserIDs,DC=domain,DC=com
nslcd: [8b4567] <passwd="dougtest"> 
CN=dougtest,OU=ServicesAccounts,OU=UserIDs,DC=domain,DC=com: uidNumber: missing
nslcd: [8b4567] <passwd="dougtest"> DEBUG: ldap_result(): end of results (1 
total)
passwd.c:575:nslcd_passwd_byname: WRITE_INT32 : var=2 int32=00000002
passwd.c:575:nslcd_passwd_byname: WRITE       : var=&tmpint32 size=4
passwd.c:575:nslcd_passwd_byname: 00 00 00 02
nslcd: [7b23c6] DEBUG: connection from pid=1992 uid=0 gid=0
nslcd.c:339:read_header: READ       : var=&tmpint32 size=4
nslcd.c:339:read_header: 00 00 00 02
nslcd.c:339:read_header: READ_INT32 : var=protocol int32==00000002
nslcd.c:346:read_header: READ       : var=&tmpint32 size=4
nslcd.c:346:read_header: 00 08 00 01
nslcd.c:346:read_header: READ_INT32 : var=*action int32==00080001
passwd.c:575:nslcd_passwd_byname: READ       : var=&tmpint32 size=4
passwd.c:575:nslcd_passwd_byname: 00 00 00 08
passwd.c:575:nslcd_passwd_byname: READ_STRING: var=name strlen=8
passwd.c:575:nslcd_passwd_byname: READ       : var=name size=8
passwd.c:575:nslcd_passwd_byname: 64 6f 75 67 74 65 73 74
passwd.c:575:nslcd_passwd_byname: READ_STRING: var=name string="dougtest"
passwd.c:575:nslcd_passwd_byname: WRITE_INT32 : var=0x00000002 int32=00000002
passwd.c:575:nslcd_passwd_byname: WRITE       : var=&tmpint32 size=4
passwd.c:575:nslcd_passwd_byname: 00 00 00 02
passwd.c:575:nslcd_passwd_byname: WRITE_INT32 : var=0x00080001 int32=00080001
passwd.c:575:nslcd_passwd_byname: WRITE       : var=&tmpint32 size=4
passwd.c:575:nslcd_passwd_byname: 00 08 00 01
nslcd: [7b23c6] <passwd="dougtest"> DEBUG: 
myldap_search(base="ou=ServicesAccounts,ou=UserIDs,dc=domain,dc=com", 
filter="(&(objectClass=user)(cn=dougtest))")
nslcd: [7b23c6] <passwd="dougtest"> DEBUG: ldap_result(): 
CN=dougtest,OU=ServicesAccounts,OU=UserIDs,DC=domain,DC=com
nslcd: [7b23c6] <passwd="dougtest"> 
CN=dougtest,OU=ServicesAccounts,OU=UserIDs,DC=domain,DC=com: uidNumber: missing
nslcd: [7b23c6] <passwd="dougtest"> DEBUG: ldap_result(): end of results (1 
total)
passwd.c:575:nslcd_passwd_byname: WRITE_INT32 : var=2 int32=00000002
passwd.c:575:nslcd_passwd_byname: WRITE       : var=&tmpint32 size=4
passwd.c:575:nslcd_passwd_byname: 00 00 00 02
nslcd: [3c9869] DEBUG: connection from pid=1992 uid=0 gid=0
nslcd.c:339:read_header: READ       : var=&tmpint32 size=4
nslcd.c:339:read_header: 00 00 00 02
nslcd.c:339:read_header: READ_INT32 : var=protocol int32==00000002
nslcd.c:346:read_header: READ       : var=&tmpint32 size=4
nslcd.c:346:read_header: 00 0d 00 01
nslcd.c:346:read_header: READ_INT32 : var=*action int32==000d0001
pam.c:275:nslcd_pam_authc: READ       : var=&tmpint32 size=4
pam.c:275:nslcd_pam_authc: 00 00 00 08
pam.c:275:nslcd_pam_authc: READ_STRING: var=username strlen=8
pam.c:275:nslcd_pam_authc: READ       : var=username size=8
pam.c:275:nslcd_pam_authc: 64 6f 75 67 74 65 73 74
pam.c:275:nslcd_pam_authc: READ_STRING: var=username string="dougtest"
pam.c:276:nslcd_pam_authc: READ       : var=&tmpint32 size=4
pam.c:276:nslcd_pam_authc: 00 00 00 04
pam.c:276:nslcd_pam_authc: READ_STRING: var=service strlen=4
pam.c:276:nslcd_pam_authc: READ       : var=service size=4
pam.c:276:nslcd_pam_authc: 73 73 68 64
pam.c:276:nslcd_pam_authc: READ_STRING: var=service string="sshd"
pam.c:277:nslcd_pam_authc: READ       : var=&tmpint32 size=4
pam.c:277:nslcd_pam_authc: 00 00 00 00
pam.c:277:nslcd_pam_authc: READ_STRING: var=ruser strlen=0
pam.c:277:nslcd_pam_authc: READ_STRING: var=ruser string=""
pam.c:278:nslcd_pam_authc: READ       : var=&tmpint32 size=4
pam.c:278:nslcd_pam_authc: 00 00 00 0b
pam.c:278:nslcd_pam_authc: READ_STRING: var=rhost strlen=11
pam.c:278:nslcd_pam_authc: READ       : var=rhost size=11
pam.c:278:nslcd_pam_authc: 31 30 2e 31 37 2e 33 32 2e 33 33
pam.c:278:nslcd_pam_authc: READ_STRING: var=rhost string="10.17.32.33"
pam.c:279:nslcd_pam_authc: READ       : var=&tmpint32 size=4
pam.c:279:nslcd_pam_authc: 00 00 00 03
pam.c:279:nslcd_pam_authc: READ_STRING: var=tty strlen=3
pam.c:279:nslcd_pam_authc: READ       : var=tty size=3
pam.c:279:nslcd_pam_authc: 73 73 68
pam.c:279:nslcd_pam_authc: READ_STRING: var=tty string="ssh"
pam.c:280:nslcd_pam_authc: READ       : var=&tmpint32 size=4
pam.c:280:nslcd_pam_authc: 00 00 00 0d
pam.c:280:nslcd_pam_authc: READ_STRING: var=password strlen=13
pam.c:280:nslcd_pam_authc: READ       : var=password size=13
pam.c:280:nslcd_pam_authc: 08 0a 0d 7f 49 4e 43 4f 52 52 45 43 54
pam.c:280:nslcd_pam_authc: READ_STRING: var=password string="
INCORRECT"
nslcd: [3c9869] <authc="dougtest"> DEBUG: 
nslcd_pam_authc("dougtest","sshd","***")
pam.c:286:nslcd_pam_authc: WRITE_INT32 : var=0x00000002 int32=00000002
pam.c:286:nslcd_pam_authc: WRITE       : var=&tmpint32 size=4
pam.c:286:nslcd_pam_authc: 00 00 00 02
pam.c:287:nslcd_pam_authc: WRITE_INT32 : var=0x000d0001 int32=000d0001
pam.c:287:nslcd_pam_authc: WRITE       : var=&tmpint32 size=4
pam.c:287:nslcd_pam_authc: 00 0d 00 01
nslcd: [3c9869] <authc="dougtest"> DEBUG: 
myldap_search(base="ou=ServicesAccounts,ou=UserIDs,dc=domain,dc=com", 
filter="(&(objectClass=user)(cn=dougtest))")
nslcd: [3c9869] <authc="dougtest"> DEBUG: ldap_result(): 
CN=dougtest,OU=ServicesAccounts,OU=UserIDs,DC=domain,DC=com
nslcd: [3c9869] <authc="dougtest"> DEBUG: 
myldap_search(base="CN=dougtest,OU=ServicesAccounts,OU=UserIDs,DC=domain,DC=com",
 filter="(objectClass=*)")
nslcd: [3c9869] <authc="dougtest"> DEBUG: ldap_initialize(ldap://10.17.32.4/)
nslcd: [3c9869] <authc="dougtest"> DEBUG: ldap_set_rebind_proc()
nslcd: [3c9869] <authc="dougtest"> DEBUG: 
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [3c9869] <authc="dougtest"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [3c9869] <authc="dougtest"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [3c9869] <authc="dougtest"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [3c9869] <authc="dougtest"> DEBUG: 
ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [3c9869] <authc="dougtest"> DEBUG: 
ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_OFF)
nslcd: [3c9869] <authc="dougtest"> DEBUG: 
ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [3c9869] <authc="dougtest"> DEBUG: 
ldap_sasl_bind("CN=dougtest,OU=ServicesAccounts,OU=UserIDs,DC=domain,DC=com","***")
 (uri="ldap://10.17.32.4/";)
nslcd: [3c9869] <authc="dougtest"> DEBUG: ldap_parse_result() result: Invalid 
credentials: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext 
error, data 52e, v1db1
nslcd: [3c9869] <authc="dougtest"> DEBUG: failed to bind to LDAP server 
ldap://10.17.32.4/: Invalid credentials: 80090308: LdapErr: DSID-0C0903A9, 
comment: AcceptSecurityContext error, data 52e, v1db1
nslcd: [3c9869] <authc="dougtest"> DEBUG: ldap_unbind()
nslcd: [3c9869] <authc="dougtest"> 
CN=dougtest,OU=ServicesAccounts,OU=UserIDs,DC=domain,DC=com: Invalid credentials
nslcd: [3c9869] <authc="dougtest"> DEBUG: 
myldap_search(base="ou=ServicesAccounts,ou=UserIDs,dc=domain,dc=com", 
filter="(&(objectClass=user)(cn=dougtest))")
nslcd: [3c9869] <authc="dougtest"> DEBUG: ldap_result(): 
CN=dougtest,OU=ServicesAccounts,OU=UserIDs,DC=domain,DC=com
pam.c:344:nslcd_pam_authc: WRITE_INT32 : var=1 int32=00000001
pam.c:344:nslcd_pam_authc: WRITE       : var=&tmpint32 size=4
pam.c:344:nslcd_pam_authc: 00 00 00 01
pam.c:345:nslcd_pam_authc: WRITE_INT32 : var=rc int32=00000007
pam.c:345:nslcd_pam_authc: WRITE       : var=&tmpint32 size=4
pam.c:345:nslcd_pam_authc: 00 00 00 07
pam.c:346:nslcd_pam_authc: WRITE_STRING: var=username string="dougtest"
pam.c:346:nslcd_pam_authc: WRITE_INT32 : var=strlen(username) int32=00000008
pam.c:346:nslcd_pam_authc: WRITE       : var=&tmpint32 size=4
pam.c:346:nslcd_pam_authc: 00 00 00 08
pam.c:346:nslcd_pam_authc: WRITE       : var=(username) size=8
pam.c:346:nslcd_pam_authc: 64 6f 75 67 74 65 73 74
pam.c:347:nslcd_pam_authc: WRITE_INT32 : var=authzrc int32=00000000
pam.c:347:nslcd_pam_authc: WRITE       : var=&tmpint32 size=4
pam.c:347:nslcd_pam_authc: 00 00 00 00
pam.c:348:nslcd_pam_authc: WRITE_STRING: var=authzmsg string=""
pam.c:348:nslcd_pam_authc: WRITE_INT32 : var=strlen(authzmsg) int32=00000000
pam.c:348:nslcd_pam_authc: WRITE       : var=&tmpint32 size=4
pam.c:348:nslcd_pam_authc: 00 00 00 00
pam.c:349:nslcd_pam_authc: WRITE_INT32 : var=2 int32=00000002
pam.c:349:nslcd_pam_authc: WRITE       : var=&tmpint32 size=4
pam.c:349:nslcd_pam_authc: 00 00 00 02
nslcd: [334873] DEBUG: connection from pid=1992 uid=0 gid=0
nslcd.c:339:read_header: READ       : var=&tmpint32 size=4
nslcd.c:339:read_header: 00 00 00 02
nslcd.c:339:read_header: READ_INT32 : var=protocol int32==00000002
nslcd.c:346:read_header: READ       : var=&tmpint32 size=4
nslcd.c:346:read_header: 00 08 00 01
nslcd.c:346:read_header: READ_INT32 : var=*action int32==00080001
passwd.c:575:nslcd_passwd_byname: READ       : var=&tmpint32 size=4
passwd.c:575:nslcd_passwd_byname: 00 00 00 08
passwd.c:575:nslcd_passwd_byname: READ_STRING: var=name strlen=8
passwd.c:575:nslcd_passwd_byname: READ       : var=name size=8
passwd.c:575:nslcd_passwd_byname: 64 6f 75 67 74 65 73 74
passwd.c:575:nslcd_passwd_byname: READ_STRING: var=name string="dougtest"
passwd.c:575:nslcd_passwd_byname: WRITE_INT32 : var=0x00000002 int32=00000002
passwd.c:575:nslcd_passwd_byname: WRITE       : var=&tmpint32 size=4
passwd.c:575:nslcd_passwd_byname: 00 00 00 02
passwd.c:575:nslcd_passwd_byname: WRITE_INT32 : var=0x00080001 int32=00080001
passwd.c:575:nslcd_passwd_byname: WRITE       : var=&tmpint32 size=4
passwd.c:575:nslcd_passwd_byname: 00 08 00 01
nslcd: [334873] <passwd="dougtest"> DEBUG: 
myldap_search(base="ou=ServicesAccounts,ou=UserIDs,dc=domain,dc=com", 
filter="(&(objectClass=user)(cn=dougtest))")
nslcd: [334873] <passwd="dougtest"> DEBUG: ldap_initialize(ldap://10.17.32.4/)
nslcd: [334873] <passwd="dougtest"> DEBUG: ldap_set_rebind_proc()
nslcd: [334873] <passwd="dougtest"> DEBUG: 
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [334873] <passwd="dougtest"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [334873] <passwd="dougtest"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [334873] <passwd="dougtest"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [334873] <passwd="dougtest"> DEBUG: 
ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [334873] <passwd="dougtest"> DEBUG: 
ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_OFF)
nslcd: [334873] <passwd="dougtest"> DEBUG: 
ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [334873] <passwd="dougtest"> DEBUG: ldap_simple_bind_s("cn=Spam 
LDAP,ou=ServicesAccounts,ou=UserIDs,dc=domain,dc=com","***") 
(uri="ldap://10.17.32.4/";)
nslcd: [334873] <passwd="dougtest"> DEBUG: ldap_result(): 
CN=dougtest,OU=ServicesAccounts,OU=UserIDs,DC=domain,DC=com
nslcd: [334873] <passwd="dougtest"> 
CN=dougtest,OU=ServicesAccounts,OU=UserIDs,DC=domain,DC=com: uidNumber: missing
nslcd: [334873] <passwd="dougtest"> DEBUG: ldap_result(): end of results (1 
total)
passwd.c:575:nslcd_passwd_byname: WRITE_INT32 : var=2 int32=00000002
passwd.c:575:nslcd_passwd_byname: WRITE       : var=&tmpint32 size=4
passwd.c:575:nslcd_passwd_byname: 00 00 00 02
nslcd: [b0dc51] DEBUG: connection from pid=1993 uid=0 gid=0
nslcd.c:339:read_header: READ       : var=&tmpint32 size=4
nslcd.c:339:read_header: 00 00 00 02
nslcd.c:339:read_header: READ_INT32 : var=protocol int32==00000002
nslcd.c:346:read_header: READ       : var=&tmpint32 size=4
nslcd.c:346:read_header: 00 08 00 01
nslcd.c:346:read_header: READ_INT32 : var=*action int32==00080001
passwd.c:575:nslcd_passwd_byname: READ       : var=&tmpint32 size=4
passwd.c:575:nslcd_passwd_byname: 00 00 00 08
passwd.c:575:nslcd_passwd_byname: READ_STRING: var=name strlen=8
passwd.c:575:nslcd_passwd_byname: READ       : var=name size=8
passwd.c:575:nslcd_passwd_byname: 64 6f 75 67 74 65 73 74
passwd.c:575:nslcd_passwd_byname: READ_STRING: var=name string="dougtest"
passwd.c:575:nslcd_passwd_byname: WRITE_INT32 : var=0x00000002 int32=00000002
passwd.c:575:nslcd_passwd_byname: WRITE       : var=&tmpint32 size=4
passwd.c:575:nslcd_passwd_byname: 00 00 00 02
passwd.c:575:nslcd_passwd_byname: WRITE_INT32 : var=0x00080001 int32=00080001
passwd.c:575:nslcd_passwd_byname: WRITE       : var=&tmpint32 size=4
passwd.c:575:nslcd_passwd_byname: 00 08 00 01
nslcd: [b0dc51] <passwd="dougtest"> DEBUG: 
myldap_search(base="ou=ServicesAccounts,ou=UserIDs,dc=domain,dc=com", 
filter="(&(objectClass=user)(cn=dougtest))")
nslcd: [b0dc51] <passwd="dougtest"> DEBUG: ldap_result(): 
CN=dougtest,OU=ServicesAccounts,OU=UserIDs,DC=domain,DC=com
nslcd: [b0dc51] <passwd="dougtest"> 
CN=dougtest,OU=ServicesAccounts,OU=UserIDs,DC=domain,DC=com: uidNumber: missing
nslcd: [b0dc51] <passwd="dougtest"> DEBUG: ldap_result(): end of results (1 
total)
passwd.c:575:nslcd_passwd_byname: WRITE_INT32 : var=2 int32=00000002
passwd.c:575:nslcd_passwd_byname: WRITE       : var=&tmpint32 size=4
passwd.c:575:nslcd_passwd_byname: 00 00 00 02

#
# /etc/nslcd.conf
#
# Account the daemon drops privileges to (the debug output shows
# setgid(1005) and setuid(1006) at startup).
uid nslcd
gid nslcd
# NOTE(review): plain ldap:// and, per the debug output ("CFG: ssl off"), no
# StartTLS. Simple binds therefore carry the service-account password and
# every user's password unencrypted, which is why the bind password is
# readable in a packet capture. Once lookups work, consider ldaps:// or
# "ssl start_tls" with the issuing CA configured via tls_cacertfile.
uri ldap://10.17.32.4/
ldap_version 3
base ou=ServicesAccounts,ou=UserIDs,dc=domain,dc=com
binddn cn=Spam LDAP,ou=ServicesAccounts,ou=UserIDs,dc=domain,dc=com
# Service-account secret: keep this file readable only by root / the nslcd
# user, and give the bind account no more than read access to the directory.
bindpw *****
pagesize 1000
referrals off
filter passwd (objectClass=user)
# NOTE(review): only uid, homeDirectory, gecos and loginShell are mapped.
# Nothing supplies uidNumber or gidNumber, and the debug output reports
# "uidNumber: missing" for CN=dougtest on every passwd lookup, so the
# account is presumably not resolvable through NSS. The directory entry
# needs numeric IDs: either populated POSIX attributes or the objectSid
# based mapping described in the nslcd.conf manual, e.g.
# "map passwd uidNumber objectSid:<domain SID>" (confirm it is available
# in 0.9.5).
# When sshd cannot resolve the user it treats the login as an invalid
# user; the 13 bytes logged by nslcd_pam_authc (08 0a 0d 7f "INCORRECT")
# match the placeholder OpenSSH hands to PAM in place of the typed
# password in that case, so the failed bind looks like a symptom of the
# failed lookup rather than a separate fault.
map    passwd uid           cn
map    passwd homeDirectory "/home/$cn"
map    passwd gecos         cn
map    passwd loginShell    "/bin/sh"
filter shadow (objectClass=user)
map    shadow uid              cn
# NOTE(review): the debug output lists
# "filter group (|(objectClass=group)(objectClass=person))", which differs
# from this line; check that the running daemon read this copy of the file.
filter group (objectClass=group)
# NOTE(review): this filter tests the LDAP attribute "uid" directly, while
# the passwd map above takes the login name from "cn". If the AD entries
# carry no "uid" attribute this search would presumably match nothing and
# deny authorisation; verify against a real entry.
pam_authz_search (&(objectClass=user)(uid=$username))

#
# /etc/nsswitch.conf
#
# Local files are consulted first, then nslcd via the "ldap" source, so local
# accounts keep resolving when the directory is unreachable. The
# nslcd_passwd_byname requests in the debug output arrive through this
# "ldap" source.
passwd:         files ldap
group:          files ldap
# Shadow data is taken from local files only; LDAP passwords are checked by
# pam_ldap binding to the server, not by reading hashes through NSS.
shadow:         files
hosts:          files dns
networks:       files dns
protocols:      files
services:       files
ethers:         files
rpc:            files

#
# /etc/pam.d/login
#
# auth: local password first, then LDAP reusing the password already typed
# (use_first_pass); pam_deny fails the stack when neither accepted it.
# NOTE(review): pam_securetty is evaluated first, and this stack is also
# included by /etc/pam.d/sshd, where the debug output shows tty="ssh";
# confirm that root logins over ssh behave as intended.
auth            required        pam_securetty.so
auth            sufficient      pam_unix.so
auth            sufficient      pam_ldap.so use_first_pass
auth            required        pam_deny.so

# NOTE(review): pam_unix is "required" here, so an LDAP account must be
# resolvable through NSS for this phase to pass (presumably; verify with a
# working lookup). pam_ldap is only "sufficient" and is the last line: a
# failure of a "sufficient" module is ignored, so a denial from pam_ldap
# (for example from pam_authz_search) does not by itself fail the account
# phase. Use "required", or add a trailing pam_deny.so, if LDAP
# authorisation is meant to be enforced.
account         required        pam_unix.so
account         sufficient      pam_ldap.so

# NOTE(review): with pam_unix "required", password changes for accounts that
# exist only in LDAP presumably fail before pam_ldap can succeed; confirm.
password        required        pam_unix.so
password        sufficient      pam_ldap.so

session         required        pam_limits.so
session         required        pam_env.so
session         required        pam_unix.so
session         optional        pam_ldap.so
session         optional        pam_lastlog.so

#
# /etc/pam.d/sshd
#
# sshd reuses the console "login" stacks unchanged for all four phases, so
# every module listed there (including pam_securetty in the auth phase) also
# runs for ssh logins. The authentication request in the debug output
# (service="sshd") came through this file.
auth            include         login
account         include         login
password        include         login
session         include         login
