I have a LDAP server on a Debian machine, it runs fine (gq and ldapsearch show that the posixAccount I add are indeed present).
But the pam_ldap module does not allow logins. If I give a wrong password, I get a second 'Password:' request from login (since I indicated pam_ldap as 'sufficient', not 'required') : normal. If I run ldapsearch, binding to the name of an LDAP account, giving its password, it works: normal. But if I type the same account and password at the login: prompt, I get back a login: prompt. The following appears in the log: Apr 12 19:30:41 progress login[1149]: pam_ldap: error trying to bind as user "cn=Vladimir Toto,ou=People,dc=netaktiv,dc=com" (Invalid credentials) I understand that "Invalid credentials" means a wrong password but it works with ldapsearch: ldapsearch -D "cn=Vladimir Toto,ou=People,dc=netaktiv,dc=com" -x -W Enter LDAP Password: [My reply] The log of slapd on the server shows: Apr 12 17:41:55 soyouz slapd[5843]: conn=0 op=2 BIND dn="CN=VLADIMIR TOTO,OU=PEOPLE,DC=NETAKTIV,DC=COM" method=128 Apr 12 17:41:55 soyouz slapd[5843]: conn=0 op=2 RESULT tag=97 err=0 text= Apr 12 17:41:55 soyouz slapd[5841]: deferring operation slapd 2.0.7, pam_ldap 105