pam_ldap module binding incorrectly with Sun LDAP

Hi Arthur,

I am having trouble with the pam_ldap module.

When I try to ssh after configuring pam_ldap.conf, I am getting invalid credentials. Checking on the LDAP side, since I know the password was correct, I found that pam_ldap was binding with an incorrect password attribute. The module was not using the userPassword attribute that I configured it to use; it is using something else.

 result=49 authFailureID=196887 authFailureReason="The password provided by the user did not match any password(s) stored in the user's entry" etime=1

Can you please let me know what could be causing this? It has been driving me crazy for a while.

grep -ve "^$" -ve "^#" /etc/openldap/ldap.conf
TLS_CACERTDIR /etc/openldap/cacerts
URI ldap://xxxx:1389
BASE xxxx

grep -ve "^$" -ve "^#" /etc/pam_ldap.conf
base xxxxxx
uri ldap://xxx:xx
ldap_version 3
binddn xxxxx
bindpw xxxx
scope sub
bind_policy hard
idle_timelimit 3600
pam_login_attribute cn
pam_login_attribute cn
ssl no
tls_cacertdir /etc/openldap/cacerts

grep -ve "^$" -ve "^#" /etc/nslcd.conf
base xxx
binddn xxx
bindpw xx
scope sub
tls_reqcert allow
filter passwd (objectClass=person)
map    passwd uid              uid
map    passwd userPassword     userPassword
map    passwd homeDirectory    homeDirectory
filter shadow (objectClass=person)
map    shadow uid              uid
map    shadow userPassword     userPassword
uid nslcd
gid ldap
uri ldap://xxx:xx
base xx
ssl off
tls_cacertdir /etc/openldap/cacerts

grep -ve "^$" -ve "^#" /etc/nsswitch.conf
passwd:     files sss ldap
shadow:     files sss ldap
group:      files sss ldap
sudoers:    files sss ldap
hosts:      files dns
bootparams: nisplus [NOTFOUND=return] files
ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files sss
netgroup:   files sss ldap
publickey:  nisplus
automount:  files sss ldap
aliases:    files nisplus

grep -ve "^$" -ve "^#" /etc/nscd.conf
        server-user             nscd
        debug-level             0
        paranoia                no
        enable-cache            passwd          yes
        positive-time-to-live   passwd          600
        negative-time-to-live   passwd          20
        suggested-size          passwd          211
        check-files             passwd          yes
        persistent              passwd          yes
        shared                  passwd          yes
        max-db-size             passwd          33554432
        auto-propagate          passwd          yes
        enable-cache            group           yes
        positive-time-to-live   group           3600
        negative-time-to-live   group           60
        suggested-size          group           211
        check-files             group           yes
        persistent              group           yes
        shared                  group           yes
        max-db-size             group           33554432
        auto-propagate          group           yes
        enable-cache            hosts           yes
        positive-time-to-live   hosts           3600
        negative-time-to-live   hosts           20
        suggested-size          hosts           211
        check-files             hosts           yes
        persistent              hosts           yes
        shared                  hosts           yes
        max-db-size             hosts           33554432
        enable-cache            services        yes
        positive-time-to-live   services        28800
        negative-time-to-live   services        20
        suggested-size          services        211
        check-files             services        yes
        persistent              services        yes
        shared                  services        yes
        max-db-size             services        33554432
        enable-cache            netgroup        yes
        positive-time-to-live   netgroup        28800
        negative-time-to-live   netgroup        20
        suggested-size          netgroup        211
        check-files             netgroup        yes
        persistent              netgroup        yes
        shared                  netgroup        yes
        max-db-size             netgroup        33554432

Thank you,
Krishna Bhimavarapu, CISSP
Identity and Access Management 
Accenture Federal Services ( Contractor) 
44 Union Blvd, #500,  Lakewood, Colorado.
Office: (303)-969-6301 X 482
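An added example, not part of the post or of pam_ldap/nslcd: a small Python checker that parses the kind of configuration excerpts shown above (duplicated directives such as the repeated `pam_login_attribute`, `uri`/`base` values that differ between pam_ldap.conf and nslcd.conf, a clear-text `bindpw` in the file) and decodes a key=value bind-failure log line of the shape quoted in the message, mapping `result=49` to its standard LDAP resultCode name. The sample configs and log line are constructed to mirror the post, placeholders included; the case-insensitive treatment of keys is an assumption made for this example.

```python
"""Sanity-check pam_ldap / nslcd style configuration excerpts and decode an
LDAP bind-failure log line.  Added example; the sample texts below are
constructed to mirror the post's excerpts, not copied from a live host."""
import shlex
from collections import OrderedDict

# Standard LDAP resultCode values (RFC 4511) that commonly appear on bind failures.
LDAP_RESULT_NAMES = {
    0: "success",
    32: "noSuchObject",
    49: "invalidCredentials",
    50: "insufficientAccessRights",
    53: "unwillingToPerform",
}

# Constructed sample mirroring the post's pam_ldap.conf (placeholders kept).
SAMPLE_PAM_LDAP_CONF = """\
# comments and blank lines are ignored, as in the grep output
base xxxxxx
uri ldap://xxx:xx
ldap_version 3
binddn xxxxx
bindpw xxxx
scope sub
bind_policy hard
idle_timelimit 3600
pam_login_attribute cn
pam_login_attribute cn
ssl no
tls_cacertdir /etc/openldap/cacerts
"""

# Constructed sample mirroring part of the post's nslcd.conf.
SAMPLE_NSLCD_CONF = """\
uri ldap://xxx:xx
base xxx
ssl off
map    passwd uid              uid
map    passwd userPassword     userPassword
"""

# Constructed log line in the shape of the one quoted in the post.
SAMPLE_LOG_LINE = ('result=49 authFailureID=196887 authFailureReason="The password '
                   "provided by the user did not match any password(s) stored in "
                   'the user\'s entry" etime=1')


def parse_conf(text):
    """Parse 'key value...' lines into key -> list of values, in file order.
    Keys are lowercased (assumption: both tools treat directive names
    case-insensitively); comments and blank lines are skipped."""
    conf = OrderedDict()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        conf.setdefault(key, []).append(value)
    return conf


def find_duplicates(conf):
    """Directives set more than once; a repeated key is silently overridden."""
    return [k for k, v in conf.items() if len(v) > 1]


def check_configs(pam_conf, nslcd_conf):
    """Return human-readable findings about the two parsed configs."""
    findings = []
    for key in find_duplicates(pam_conf):
        findings.append("pam_ldap.conf: '%s' set %d times: %s"
                        % (key, len(pam_conf[key]), pam_conf[key]))
    # The PAM module and nslcd should be talking to the same directory and tree.
    for key in ("uri", "base"):
        a = pam_conf.get(key, [None])[-1]
        b = nslcd_conf.get(key, [None])[-1]
        if a != b:
            findings.append("'%s' differs: pam_ldap=%r nslcd=%r" % (key, a, b))
    if "bindpw" in pam_conf:
        findings.append("pam_ldap.conf holds a clear-text bindpw; keep the file root-readable only")
    return findings


def parse_log_line(line):
    """Split a space-separated key=value log line, honouring double-quoted values."""
    fields = {}
    for token in shlex.split(line):
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
    return fields


def explain_bind_failure(line):
    """Return (resultCode, name, server-side reason) for a bind log line."""
    fields = parse_log_line(line)
    code = int(fields.get("result", -1))
    return code, LDAP_RESULT_NAMES.get(code, "unknown"), fields.get("authFailureReason", "")


if __name__ == "__main__":
    pam = parse_conf(SAMPLE_PAM_LDAP_CONF)
    nslcd = parse_conf(SAMPLE_NSLCD_CONF)
    for finding in check_configs(pam, nslcd):
        print("finding:", finding)
    print("bind failure:", explain_bind_failure(SAMPLE_LOG_LINE))
```

Run it against the real files by replacing the constructed samples with `open(path).read()`; result code 49 (invalidCredentials) means the directory rejected the bind as the resolved user DN with the supplied password, so the findings about duplicated or mismatched directives are the first things to reconcile.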
