nss_ldap problem

Dmitriy Kirhlarov Sun, 26 Feb 2006 00:15:21 -0800

I use nss_ldap-1.239 and nss_ldap-1.244 on 5.4 and 6.0
I have a problem -- login success only if {CRYPT} mechanism used in
ldap database. Other services, authenticated in ldap, work fine
(pam_ldap, apache auth for example).


My configs:
/etc/pam.d/system
# auth
auth            sufficient      pam_opie.so             no_warn no_fake_prompts
auth            requisite       pam_opieaccess.so       no_warn allow_local
auth            sufficient      /usr/local/lib/pam_ldap.so      no_warn 
try_first_pass
auth            required        pam_unix.so             no_warn try_first_pass 
nullok
# account
account         required        pam_login_access.so
account         required        /usr/local/lib/pam_ldap.so      
ignore_authinfo_unavail ignore_unknown_user
account         required        pam_unix.so
# session
session         required        /usr/local/lib/pam_mkhomedir.so skel=/etc/skel 
umask=0077
session         required        pam_lastlog.so          no_fail
# password
password        sufficient      /usr/local/lib/pam_ldap.so      use_authtok
password        required        pam_unix.so             no_warn try_first_pass

/etc/nsswitch.conf
group: ldap files
hosts: files dns
networks: files
passwd: ldap files
shells: files
imap: ldap

/usr/local/etc/ldap.conf
uri ldaps://fbsd
base ou=users,o=oil-space
ldap_version 3
scope one
pam_filter objectClass=posixAccount
pam_login_attribute uid
pam_password md5
nss_base_passwd ou=users,o=oil-space?one
nss_base_shadow ou=users,o=oil-space?one
nss_base_group ou=groups,o=oil-space?one
ssl on
tls_cacertfile /usr/local/etc/ssl/cacert.pem

uname -rs && ls -l /usr/local/etc/nss_ldap.conf && pkg_info -Ix nss_ldap -x 
pam_ldap
FreeBSD 5.4-STABLE
lrwxr-xr-x  1 root  wheel  24 Feb 22 16:41 /usr/local/etc/nss_ldap.conf -> 
/usr/local/etc/ldap.conf
nss_ldap-1.244      RFC 2307 NSS module
pam_ldap-1.8.0      A pam module for authenticating with LDAP

Is somebody have the same problems?

WBR
-- 
Dmitriy Kirhlarov
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 495 105 7247 ext.203 F:+7 495 105 7246 E:[EMAIL PROTECTED]
OILspace - The resource enriched - www.oilspace.com
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

nss_ldap problem

Reply via email to