Re: pam_login_attribute missing from nss-pam-ldapd

[Jackie Meese <jmeese [at] vt.edu>]

On Oct 16, 2015, at 12:32 PM, Arthur de Jong <arthur [at] arthurdejong.org> wrote:

On Thu, 2015-10-15 at 16:26 -0400, Jackie Meese wrote:

Attempts to figure this out from documentation have led me to try
without any luck in /etc/nslcd.conf:
map    passwd uid uupid

This should be the replacement for pam_login_attribute because the NSS
and PAM configuration are combined in nss-pam-ldapd.

In short, is there a replacement for pam_login_attribute in version
0.8.13 (specifically the version included in CentOS 7, but this
doesn't feel like a bug, so I'm asking here)?

What are you seeing when performing an authentication attempt? Running
nslcd in debug mode often helps finding configuration issues. Also,

Starting at the debug output for a while, knowing that the map line above was correct led me to see that the query made was:

<authc="jackie"> DEBUG: myldap_search(base="ou=People,dc=vt,dc=edu", filter="(&(objectClass=posixAccount)(uuid=jackie))")

So I added a filter line to the conf file:

filter passwd (uuid=*)

So it's working now. Thanks for the help and for confirming my "map" line. Knowing that should be right helped me debug it.

j.

----

Jackie Meese, Assistant Director, Computer Systems Administration

Technology-enhanced Learning and Online Strategies - Innovation Catalyst Group https://tlos.vt.edu/

Institute for Creativity, Arts, and Technology http://icat.vt.edu

I am, and always will be, an idiot.

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/