pam_ldap module binding incorrectly with Sun LDAP
- From: "Bhimavarapu, Gokul" <gokul.bhimavarapu [at] onrr.gov>
 - To: <nss-pam-ldapd-users [at] lists.arthurdejong.org>
 - Subject: pam_ldap module binding incorrectly with Sun LDAP
 - Date: Wed, 26 Jul 2017 21:55:56 -0600
 
Hi Arthur,
I am having trouble with the pam_ldap module.
When I try to ssh after configuring pam_ldap.conf, I am getting invalid credentials. Checking on the LDAP side, as I know the password was correct, I found that pam_ldap was binding with an incorrect password attribute. The module was not using the userPassword attribute that I configured it to use. It is using something.
 result=49 authFailureID=196887 authFailureReason="The password provided by the user did not match any password(s) stored in the user's entry" etime=1
Can you please let me know what could be causing this? This has so far driven me crazy for a while.
grep -ve "^$" -ve "^#" /etc/openldap/ldap.conf
TLS_REQCERT allow
TLS_CACERTDIR /etc/openldap/cacerts
URI ldap://xxxx:1389
BASE xxxx
grep -ve "^$" -ve "^#" /etc/pam_ldap.conf
base xxxxxx
uri ldap://xxx:xx
ldap_version 3
binddn xxxxx
bindpw xxxx
scope sub
bind_policy hard
idle_timelimit 3600
pam_login_attribute cn
pam_login_attribute cn
ssl no
tls_cacertdir /etc/openldap/cacerts
grep -ve "^$" -ve "^#" /etc/nslcd.conf
base xxx
binddn xxx
bindpw xx
scope sub
tls_reqcert allow
filter passwd (objectClass=person)
map    passwd uid              uid
map    passwd userPassword     userPassword
map    passwd homeDirectory    homeDirectory
filter shadow (objectClass=person)
map    shadow uid              uid
map    shadow userPassword     userPassword
uid nslcd
gid ldap
uri ldap://xxx:xx
base xx
ssl off
tls_cacertdir /etc/openldap/cacerts
grep -ve "^$" -ve "^#" /etc/nsswitch.conf
passwd:     files sss ldap
shadow:     files sss ldap
group:      files sss ldap
sudoers:    files sss ldap
hosts:      files dns
bootparams: nisplus [NOTFOUND=return] files
ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files sss
netgroup:   files sss ldap
publickey:  nisplus
automount:  files sss ldap
aliases:    files nisplus
grep -ve "^$" -ve "^#" /etc/nscd.conf
        server-user             nscd
        debug-level             0
        paranoia                no
        enable-cache            passwd          yes
        positive-time-to-live   passwd          600
        negative-time-to-live   passwd          20
        suggested-size          passwd          211
        check-files             passwd          yes
        persistent              passwd          yes
        shared                  passwd          yes
        max-db-size             passwd          33554432
        auto-propagate          passwd          yes
        enable-cache            group           yes
        positive-time-to-live   group           3600
        negative-time-to-live   group           60
        suggested-size          group           211
        check-files             group           yes
        persistent              group           yes
        shared                  group           yes
        max-db-size             group           33554432
        auto-propagate          group           yes
        enable-cache            hosts           yes
        positive-time-to-live   hosts           3600
        negative-time-to-live   hosts           20
        suggested-size          hosts           211
        check-files             hosts           yes
        persistent              hosts           yes
        shared                  hosts           yes
        max-db-size             hosts           33554432
        enable-cache            services        yes
        positive-time-to-live   services        28800
        negative-time-to-live   services        20
        suggested-size          services        211
        check-files             services        yes
        persistent              services        yes
        shared                  services        yes
        max-db-size             services        33554432
        enable-cache            netgroup        yes
        positive-time-to-live   netgroup        28800
        negative-time-to-live   netgroup        20
        suggested-size          netgroup        211
        check-files             netgroup        yes
        persistent              netgroup        yes
        shared                  netgroup        yes
        max-db-size             netgroup        33554432
Thank you,
Krishna Bhimavarapu, CISSP
Identity and Access Management
Accenture Federal Services (Contractor)
44 Union Blvd, #500, Lakewood, Colorado.
Office: (303)-969-6301 X 482