lists.arthurdejong.org
RSS feed

Re: nslcd login issue

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: nslcd login issue



> ​
To me this sound like you should test your NSS map(s) first (getent passwd and friends)
> before testing login as a user via PAM.

Mike, 

thanks for helping in this need! How should I test the NSS map?

For now if I have a local user (DIFFERENT PASSWORD IN LDAP!) as well it works using with the LDAP PASS, actual the right LDAP password!!
So something works.
But if I delete the local user, it does not work and the bind also it is a different auth! 

Why is this?
with local user exists and ldap works with nslcd - ldap_simple_bind_s
with no local user and ldap not works with nscld - ldap_sasl_bind 
Why is it different why isnt the same bind? I have  not changed anything!

P L E A S E     H E L P !


Patrik

GTalk:  
alabard [at] gmail.com

Web:

Mobile:

On Sun, Feb 5, 2017 at 10:33 PM, Michael Ströder <michael [at] stroeder.com> wrote:
Patrik Laszlo wrote:
> Also, if there is a local user with the same user, it works, if I delete the local
> user, it does not work.

​​
To me this sound like you should test your NSS map(s) first (getent passwd and friends)
before testing login as a user via PAM.

Ciao, Michael.

> On 02/05/2017 07:52 PM, Patrik Laszlo wrote:
>>
>> *Hello!*
>>
>> *Could you help me a simple problem? (Debian Testing repo)**
>> *
>>
>> *I can login via LDAP, but I get the log like this via nslcd:*
>>
>> nslcd: [7b23c6] <authc="patrikx3"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
>> nslcd: [7b23c6] <authc="patrikx3"> DEBUG: ldap_start_tls_s()
>> nslcd: [7b23c6] <authc="patrikx3"> DEBUG:
>> *ldap_sasl_bind("uid=patrikx3,ou=users,dc=patrikx3,dc=tk","***") (uri="ldapi:///")
>> (ppolicy=yes)*
>> nslcd: [7b23c6] <authc="patrikx3"> DEBUG: *ldap_parse_result() result: Invalid credentials*
>> nslcd: [7b23c6] <authc="patrikx3"> DEBUG: failed to bind to LDAP server ldapi:///:
>> Invalid credentials
>> nslcd: [7b23c6] <authc="patrikx3"> DEBUG: ldap_unbind()
>> nslcd: [7b23c6] <authc="patrikx3"> uid=patrikx3,ou=users,dc=patrikx3,dc=tk: Invalid
>> credentials
>> nslcd: [7b23c6] <authc="patrikx3"> DEBUG:
>> myldap_search(base="ou=users,dc=patrikx3,dc=tk",
>> filter="(&(objectClass=shadowAccount)(uid=patrikx3))")
>> nslcd: [7b23c6] <authc="patrikx3"> DEBUG: ldap_result():
>> uid=patrikx3,ou=users,dc=patrikx3,dc=tk
>>
>> *In LDAP START TLS it works via ldap search.Also I can see it finds the user!*
>>
>> *The settings /etc/nslcd.cong:*
>>
>> uid nslcd
>> gid nslcd
>> uri ldapi:///
>> #also
>> #uri ldap://patrikx3.tk????!StartTLS
>> base ou=users,dc=patrikx3,dc=tk
>> ssl start_tls
>> tls_reqcert never
>> tls_cacertfile /etc/ssl/certs/ca-certificates.crt
>>
>> *Could you help me?*
>>
>> Patrik


-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-users/