Re: Need help in integration of pam and ldap using nss-pam-ldapd

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: "Trent W. Buck" <twb-nss-pam-ldapd-users [at] cyber.com.au>
To: William MacAllister <whm [at] dropbox.com>
Cc: "nss-pam-ldapd-users [at] lists.arthurdejong.org" <nss-pam-ldapd-users [at] lists.arthurdejong.org>, "Kedar Sirshikar \(ksirshik\)" <ksirshik [at] cisco.com>
Subject: Re: Need help in integration of pam and ldap using nss-pam-ldapd
Date: Mon, 29 May 2017 10:29:32 +1000

William MacAllister wrote:
> I am guessing you are experimenting with the user
> 'ldap_pam_uid+uidNumber=22222222'. Very strange username. The dump you sent
> for that usee does not show all of the attributes so it is hard to tell you
> much. about it, but I would be surprised if you really intend that to be
> the UID.

FYI, that format looks a bit like a SASL "external" account, e.g.

    root@slime:~# ldapsearch -LLLYEXTERNAL dn=canthappen
    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0

    root@slime:~# sudo -u nobody ldapsearch -LLLYEXTERNAL dn=canthappen
    SASL/EXTERNAL authentication started
    SASL username: 
gidNumber=65534+uidNumber=65534,cn=peercred,cn=external,cn=auth
    SASL SSF: 0

    root@slime:~# getent passwd root nobody
    root:x:0:0:root:/root:/bin/bash
    nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-users/

Re: Need help in integration of pam and ldap using nss-pam-ldapd, (continued)

Prev by Date: Re: Need help in integration of pam and ldap using nss-pam-ldapd
Next by Date: shadowexpired user in FreeBSD??
Previous by thread: Re: Need help in integration of pam and ldap using nss-pam-ldapd
Next by thread: shadowexpired user in FreeBSD??