On Wednesday, 18 August 2010 22:26:38 weiga...@gmail.com wrote:
> Hello Buchan
>
> I am running the rpm package openldap server 2.3 that comes with CentOS 5.4

So test this client from the "server".

> and my ldap client is CentOS 4. Looks like there is no ldapwhoami -e
> ppolicy option on CentOS4 client, as you can see below. I also copy and
> paste the client's /etc/pam.d/system-auth below.
>
>
> [us...@ldapclient ~]$ ldapwhoami -e ppolicy
> Invalid general control name: ppolicy
> Issue LDAP Who am I? operation to request user's authzid
>
> usage: ldapwhoami [options]

You will of course actually have to *read* the usage instructions, and supply suitable options/values.

> [us...@ldapclient ~]$ cat /etc/pam.d/system-auth
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth required /lib/security/$ISA/pam_env.so
> auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
> auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
> auth required /lib/security/$ISA/pam_deny.so
>
> account required /lib/security/$ISA/pam_unix.so broken_shadow
> account sufficient /lib/security/$ISA/pam_localuser.so
> account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
> account [default=bad success=ok user_unknown=ignore]
> /lib/security/$ISA/pam_ldap.so
> account required /lib/security/$ISA/pam_permit.so

I usually go for something more like:

account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_ldap.so
account required pam_deny.so

But, if you aren't going to bother to learn how PAM works, you probably shouldn't be taking advice from random strangers on the internet.

Regards,
Buchan
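Added example, not part of the original message and not Linux-PAM code: a simplified Python model of how the control fields in the two account stacks above resolve for a non-local account when pam_ldap succeeds, rejects the account, or reports user_unknown. The module return codes, the helper names (`run_stack`, `remote_user`) and the premise that pam_unix succeeds for the account are assumptions made for illustration.

```python
# Simplified model of Linux-PAM control resolution, after pam.conf(5).
# All module return codes are constructed inputs, not captured from a host.
SHORTHAND = {
    "required":   {"success": "ok", "new_authtok_reqd": "ok",
                   "ignore": "ignore", "default": "bad"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done",
                   "default": "ignore"},
}
LDAP_BRACKET = {"default": "bad", "success": "ok", "user_unknown": "ignore"}

# Account stack quoted from the CentOS 4 client.
QUOTED = [("required", "pam_unix"), ("sufficient", "pam_localuser"),
          ("sufficient", "pam_succeed_if"), (LDAP_BRACKET, "pam_ldap"),
          ("required", "pam_permit")]
# Account stack suggested in the reply.
SUGGESTED = [("required", "pam_unix"), ("sufficient", "pam_localuser"),
             ("sufficient", "pam_ldap"), ("required", "pam_deny")]

def run_stack(stack, results):
    """Return the final PAM code for a stack, given each module's result."""
    status, verdict = "success", None      # verdict: None, "pos" or "neg"
    for control, module in stack:
        rules = SHORTHAND[control] if isinstance(control, str) else control
        ret = results[module]
        action = rules.get(ret, rules["default"])
        if action in ("ok", "done"):
            if verdict is None or (verdict == "pos" and status == "success"):
                verdict, status = "pos", ret
            if action == "done" and verdict == "pos":
                break                      # sufficient success ends the stack
        elif action == "bad" and verdict != "neg":
            verdict, status = "neg", ret   # first failure fixes the result
    # If every module was ignored, the stack must not succeed.
    return status if verdict else "perm_denied"

def remote_user(ldap_result):
    """Non-local account with uid >= 100; pam_ldap's result is the variable."""
    return {"pam_unix": "success", "pam_localuser": "perm_denied",
            "pam_succeed_if": "auth_err", "pam_ldap": ldap_result,
            "pam_permit": "success", "pam_deny": "acct_expired"}

if __name__ == "__main__":
    for ldap in ("success", "perm_denied", "user_unknown"):
        r = remote_user(ldap)
        print(ldap, run_stack(QUOTED, r), run_stack(SUGGESTED, r))
```

In this model both stacks refuse an account that pam_ldap rejects, but the quoted stack falls through to pam_permit.so when pam_ldap reports user_unknown, while the suggested stack ends in pam_deny.so.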