Re: ldap password problems

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Marco Naimoli <marco.naimoli [at] unipd.it>
To: nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: Re: ldap password problems
Date: Wed, 29 Jul 2020 11:36:52 +0200

I've found a workaround (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900253): I've just commented out

pam_authc_ppolicy no

Hope it can be useful

Thanks

Marco

Il giorno mar 28 lug 2020 alle ore 15:48 Marco Naimoli <marco.naimoli [at] unipd.it> ha scritto:

Hello, I hope it's the right place for the following question: I've setup a linux box
with ldap authentication, using pam-ldapd, nss-ldapd etc.etc.
Operations like "su - ldapuser" works perfectly; but when I try to authenticate ldapuser
(using ssh, or doing a "su - ldapuser" from non-root user or calling "login" program)
authentication fails.
Trying to debug I see the following logs ("gigio" is the ldap user):

Jul 28 14:59:12 server nslcd[5382]: [0e0f76] <authc="gigio"> DEBUG: ldap_initialize(ldap://localhost)
Jul 28 14:59:12 server nslcd[5382]: [0e0f76] <authc="gigio"> DEBUG: ldap_set_rebind_proc()
Jul 28 14:59:12 server nslcd[5382]: [0e0f76] <authc="gigio"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
Jul 28 14:59:12 server nslcd[5382]: [0e0f76] <authc="gigio"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
Jul 28 14:59:12 server nslcd[5382]: [0e0f76] <authc="gigio"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
Jul 28 14:59:12 server nslcd[5382]: [0e0f76] <authc="gigio"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
Jul 28 14:59:12 server nslcd[5382]: [0e0f76] <authc="gigio"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
Jul 28 14:59:12 server nslcd[5382]: [0e0f76] <authc="gigio"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
Jul 28 14:59:12 server nslcd[5382]: [0e0f76] <authc="gigio"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
Jul 28 14:59:12 server nslcd[5382]: [0e0f76] <authc="gigio"> DEBUG: ldap_sasl_bind("uid=gigio,ou=staff,dc=ict,dc=unipd,dc=it","***") (uri="ldap://localhost") (ppolicy=no)
Jul 28 14:59:12 server nslcd[5382]: [0e0f76] <authc="gigio"> DEBUG: ldap_parse_result() result: Unknown error
Jul 28 14:59:12 server nslcd[5382]: [0e0f76] <authc="gigio"> DEBUG: failed to bind to LDAP server ldap://localhost: Unknown error
Jul 28 14:59:12 server nslcd[5382]: [0e0f76] <authc="gigio"> DEBUG: ldap_unbind()

ldap is installed on localhost; tls is disabled
I've checked slapd logs, too, but I don't see any problem
The "Unknown error" is not a useful message for me and I don't know how to increase the nslcd log level; I suppose there's a big error, but I cannot see
gigio, the ldap user has posixAccount and shadowAccount object classes; the database acls
are, to simplify testing:
to * by * write

Any suggestion ?
Thanks
Marco

ldap password problems, Marco Naimoli
- Re: ldap password problems, Marco Naimoli

Prev by Date: ldap password problems
Next by Date: Umlauts support
Previous by thread: ldap password problems
Next by thread: Umlauts support