lists.arthurdejong.org
RSS feed

Re: nslcd login issue

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: nslcd login issue



Patrik Laszlo wrote:
> Also, if there is a local user with the same user, it works, if I delete the 
> local
> user, it does not work.

To me this sound like you should test your NSS map(s) first (getent passwd and 
friends)
before testing login as a user via PAM.

Ciao, Michael.

> On 02/05/2017 07:52 PM, Patrik Laszlo wrote:
>>
>> *Hello!*
>>
>> *Could you help me a simple problem? (Debian Testing repo)**
>> *
>>
>> *I can login via LDAP, but I get the log like this via nslcd:*
>>
>> nslcd: [7b23c6] <authc="patrikx3"> DEBUG: 
>> ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
>> nslcd: [7b23c6] <authc="patrikx3"> DEBUG: ldap_start_tls_s()
>> nslcd: [7b23c6] <authc="patrikx3"> DEBUG:
>> *ldap_sasl_bind("uid=patrikx3,ou=users,dc=patrikx3,dc=tk","***") 
>> (uri="ldapi:///")
>> (ppolicy=yes)*
>> nslcd: [7b23c6] <authc="patrikx3"> DEBUG: *ldap_parse_result() result: 
>> Invalid credentials*
>> nslcd: [7b23c6] <authc="patrikx3"> DEBUG: failed to bind to LDAP server 
>> ldapi:///:
>> Invalid credentials
>> nslcd: [7b23c6] <authc="patrikx3"> DEBUG: ldap_unbind()
>> nslcd: [7b23c6] <authc="patrikx3"> uid=patrikx3,ou=users,dc=patrikx3,dc=tk: 
>> Invalid
>> credentials
>> nslcd: [7b23c6] <authc="patrikx3"> DEBUG:
>> myldap_search(base="ou=users,dc=patrikx3,dc=tk",
>> filter="(&(objectClass=shadowAccount)(uid=patrikx3))")
>> nslcd: [7b23c6] <authc="patrikx3"> DEBUG: ldap_result():
>> uid=patrikx3,ou=users,dc=patrikx3,dc=tk
>>
>> *In LDAP START TLS it works via ldap search.Also I can see it finds the 
>> user!*
>>
>> *The settings /etc/nslcd.cong:*
>>
>> uid nslcd
>> gid nslcd
>> uri ldapi:///
>> #also
>> #uri ldap://patrikx3.tk????!StartTLS
>> base ou=users,dc=patrikx3,dc=tk
>> ssl start_tls
>> tls_reqcert never
>> tls_cacertfile /etc/ssl/certs/ca-certificates.crt
>>
>> *Could you help me?*
>>
>> Patrik

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-users/