pam_authz_search not considered
- From: "Lakshmi Narasimhan, Premkumar (RIS-ORL)" <Premkumar.Narasimhan [at] lexisnexis.com>
- To: "nss-pam-ldapd-users [at] lists.arthurdejong.org" <nss-pam-ldapd-users [at] lists.arthurdejong.org>
- Subject: pam_authz_search not considered
- Date: Wed, 28 Oct 2015 13:27:18 +0000
Hi,

I am trying to set up LDAP authentication for VSFTPD. Also, I need to do IP validation, so I am trying to use pam_authz_search (&(id=$rhost)), but I don’t see this applied as a filter in the LDAP request. Please provide your valuable inputs.

Following is the configuration in nslcd.conf:

uri ldap://192.168.56.101:10389
filter passwd (uid=*)
pam_authz_search (&(ip=$rhost))

Below is the nslcd debug log:

nslcd: [8b4567] DEBUG: connection from pid=2926 uid=0 gid=0
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: nslcd_pam_authc("ldapadmin","vsftpd","***")
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: myldap_search(base="ou=system", filter="(&(uid=*)(uid=ldapadmin))")
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: ldap_initialize(ldap://192.168.56.101:10389)
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://192.168.56.101:10389")
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: ldap_result(): uid=ldapadmin,ou=system
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: myldap_search(base="uid=ldapadmin,ou=system", filter="(objectClass=*)")
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: ldap_initialize(ldap://192.168.56.101:10389)
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: ldap_sasl_bind("uid=ldapadmin,ou=system","***") (uri="ldap://192.168.56.101:10389")
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: ldap_result(): uid=ldapadmin,ou=system
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: ldap_unbind()
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: bind successful
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: myldap_search(base="ou=system", filter="(&(objectClass=shadowAccount)(uid=ldapadmin))")
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: ldap_result(): end of results (0 total)

Thanks,
Prem
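
One way to audit a debug log like the one in this message is to group its lines by request id and list which nslcd_pam_* actions and which search filters nslcd actually issued. This is an added example, not part of the original post or of nss-pam-ldapd; the function names are hypothetical, and it assumes other PAM actions are logged in the same `nslcd_pam_<action>(` style as the `nslcd_pam_authc(` line above.

```python
import re
from collections import OrderedDict

# Constructed sample: lines abridged from the debug log quoted in the message.
SAMPLE_LOG = '''\
nslcd: [8b4567] DEBUG: connection from pid=2926 uid=0 gid=0
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: nslcd_pam_authc("ldapadmin","vsftpd","***")
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: myldap_search(base="ou=system", filter="(&(uid=*)(uid=ldapadmin))")
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: myldap_search(base="uid=ldapadmin,ou=system", filter="(objectClass=*)")
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: bind successful
nslcd: [8b4567] <authc="ldapadmin"> DEBUG: myldap_search(base="ou=system", filter="(&(objectClass=shadowAccount)(uid=ldapadmin))")
'''

# "nslcd: [reqid] <context> DEBUG: message"; the <context> part is optional.
LINE_RE = re.compile(
    r'^nslcd: \[(?P<req>[0-9a-f]+)\] (?:<(?P<ctx>[^>]*)> )?DEBUG: (?P<msg>.*)$')
# Assumption: every PAM action is logged as nslcd_pam_<action>(...).
CALL_RE = re.compile(r'^nslcd_pam_(\w+)\(')
SEARCH_RE = re.compile(r'^myldap_search\(base="(.*?)", filter="(.*)"\)$')


def summarize(log_text):
    """Map request id -> PAM actions seen and LDAP filters sent, in log order."""
    requests = OrderedDict()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an nslcd debug line
        entry = requests.setdefault(m.group('req'),
                                    {'pam_calls': [], 'filters': []})
        msg = m.group('msg')
        call = CALL_RE.match(msg)
        if call:
            entry['pam_calls'].append(call.group(1))
        search = SEARCH_RE.match(msg)
        if search:
            entry['filters'].append(search.group(2))
    return requests


def filter_tests_attribute(log_text, attribute):
    """True if any logged search filter contains an '(attribute=' assertion."""
    needle = re.compile(r'\(' + re.escape(attribute) + r'=')
    return any(needle.search(f)
               for req in summarize(log_text).values()
               for f in req['filters'])


if __name__ == '__main__':
    for req_id, info in summarize(SAMPLE_LOG).items():
        print(req_id, info['pam_calls'], info['filters'])
    print('ip filter sent:', filter_tests_attribute(SAMPLE_LOG, 'ip'))
```

Run against the full log, this shows a single request whose only PAM action is `authc` and whose filters never test the `ip` attribute named in the configuration.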