Recently, I have hit a rather unique, and annoying, error with LDAP. It seems
that using PAM with LDAP allows *any* password as valid. I'm not really sure
what I have done here, and any help would be appreciated. Find my
/etc/ldap.conf attached, as well as pam.d/ssh
etc/ldap.conf
base
Buchan,
That worked for me. Thanks. I have another question for the mailing list.
Can I place the AuthLDAPURL, AuthzLDAPAuthoritative, AuthLDAPGroupAttributeIsDN
and AuthLDAPGroupAttribute outside of Location and Directory and inside of
VirtualHost and place just Require and Satisfy within
Hi all. I'm trying to use squid with the squid_ldap_group auth helper.
The schema looks like
o=Company
|
-Groups
|-ProxyUsers
|-Managers
|-Sales
Managers and Sales are OrganizationalUnit, ProxyUsers is GroupofUniqueNames
Each entry of Managers and Sales inherits from
I'm seeing a problem where I can authenticate as a user using the ldap tools
(i.e. ldapsearch) but I am unable to login using PAM.
Comparing debug on the server shows that ldapsearch is doing a new BIND,
whereas PAM is not:
Jun 4 14:58:52 ldap-server slapd[5158]: = dn: [1]
Jun 4 14:58:52
ssl on
ssl start_tls
Most certainly it will not solve your problem but those are
contradictory.
'ssl on' makes pam_ldap try to connect to the server using port 636
(ldaps)
while 'ssl start_tls' uses the normal 389 port.
Regards,
Thierry
--On Friday, June 04, 2010 11:36 AM + egemenoz...@gmail.com wrote:
hi,
I needed to write a daemon which can react to changes on openldap server.
It has to be an event driven application hence polling is ruled out.
After some research, the most proper way seems to be through ldap sync
I came across a similar bug where enabling chaining between a master and slave
allows invalid passwords to be accepted by pam_ldap. Unfortunately, no word
from OpenLDAP or pam_ldap maintainers on the issue. I have been looking at
pam_ldap source code but haven't been able to pinpoint the