server: OpenLDAP 2.4.43 clients: nss-pam-ldapd 0.9.6 I have a user configured in the OpenLDAP database and I can run ldapsearch from the server and get back valid results. However, I'm unable to log into the LDAP client from the server. It looks like the LDAP client machine is not authenticating, so I'm hoping to get some thoughts from others on how to get past this.
Below is what I'm seeing when trying to log into the LDAP client from the server. $ ssh 10.0.1.1 You are required to change your password immediately (root enforced) WARNING: Your password has expired. You must change your password now and login again! (current) LDAP Password: passwd: User not known to the underlying authentication module passwd: password unchanged Connection to 10.0.1.1 closed. On the LDAP client, the following output is from running nslcd -d (debug). So I believe this is telling me that the LDAP client is talking to the LDAP server. But I do not understand why the connection is being closed, or why the passwd is expired.Also, running 'getent passwd' on the server returns all users withing /etc/passwd. Running the same command from the LDAP client looks like it's only returning the users from the LDAP client's /etc/passwd file (no users). nslcd: DEBUG: NSS_LDAP nss-pam-ldapd 0.9.6 nslcd: DEBUG: CFG: threads 5 nslcd: DEBUG: CFG: uid nslcd nslcd: DEBUG: CFG: gid 246 nslcd: DEBUG: CFG: uri ldap://10.0.0.11/ nslcd: DEBUG: CFG: ldap_version 3 nslcd: DEBUG: CFG: base dc=my,dc=example,dc=com nslcd: DEBUG: CFG: scope sub nslcd: DEBUG: CFG: deref never nslcd: DEBUG: CFG: referrals yes nslcd: DEBUG: CFG: filter aliases (objectClass=nisMailAlias) nslcd: DEBUG: CFG: filter ethers (objectClass=ieee802Device) nslcd: DEBUG: CFG: filter group (objectClass=posixGroup) nslcd: DEBUG: CFG: filter hosts (objectClass=ipHost) nslcd: DEBUG: CFG: filter netgroup (objectClass=nisNetgroup) nslcd: DEBUG: CFG: filter networks (objectClass=ipNetwork) nslcd: DEBUG: CFG: filter passwd (objectClass=posixAccount) nslcd: DEBUG: CFG: filter protocols (objectClass=ipProtocol) nslcd: DEBUG: CFG: filter rpc (objectClass=oncRpc) nslcd: DEBUG: CFG: filter services (objectClass=ipService) nslcd: DEBUG: CFG: filter shadow (objectClass=shadowAccount) nslcd: DEBUG: CFG: map group userPassword "*" nslcd: DEBUG: CFG: map passwd userPassword "*" nslcd: DEBUG: CFG: map passwd gecos "${gecos:-$cn}" nslcd: DEBUG: CFG: map shadow userPassword "*" nslcd: DEBUG: CFG: map shadow shadowLastChange "${shadowLastChange:--1}" nslcd: DEBUG: CFG: map shadow shadowMin "${shadowMin:--1}" nslcd: DEBUG: CFG: map shadow shadowMax "${shadowMax:--1}" nslcd: DEBUG: CFG: map shadow shadowWarning "${shadowWarning:--1}" nslcd: DEBUG: CFG: map shadow shadowInactive "${shadowInactive:--1}" nslcd: DEBUG: CFG: map shadow shadowExpire "${shadowExpire:--1}" nslcd: DEBUG: CFG: map shadow shadowFlag "${shadowFlag:-0}" nslcd: DEBUG: CFG: bind_timelimit 10 nslcd: DEBUG: CFG: timelimit 0 nslcd: DEBUG: CFG: idle_timelimit 0 nslcd: DEBUG: CFG: reconnect_sleeptime 1 nslcd: DEBUG: CFG: reconnect_retrytime 10 nslcd: DEBUG: CFG: ssl off nslcd: DEBUG: CFG: tls_reqcert demand nslcd: DEBUG: CFG: pagesize 0 nslcd: DEBUG: CFG: nss_min_uid 0 nslcd: DEBUG: CFG: nss_nested_groups no nslcd: DEBUG: CFG: nss_getgrent_skipmembers no nslcd: DEBUG: CFG: nss_disable_enumeration no nslcd: DEBUG: CFG: validnames /^[a-z0-9._@$()]([a-z0-9._@$() \~-]*[a-z0-9._@ $()~-])?$/i nslcd: DEBUG: CFG: ignorecase no nslcd: DEBUG: CFG: cache dn2uid 15m 15m nslcd: version 0.9.6 starting nslcd: DEBUG: unlink() of /run/nslcd/socket failed (ignored): No such file or directory nslcd: DEBUG: initgroups("nslcd",246) done nslcd: DEBUG: setgid(246) done nslcd: DEBUG: setuid(101) done nslcd: accepting connections nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: [8b4567] DEBUG: connection from pid=2850 uid=0 gid=0 nslcd: [8b4567] <group/member="root"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uid=root))") nslcd: [8b4567] <group/member="root"> DEBUG: ldap_initialize(ldap:// 10.0.0.11/) nslcd: [8b4567] <group/member="root"> DEBUG: ldap_set_rebind_proc() nslcd: [8b4567] <group/member="root"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3) nslcd: [8b4567] <group/member="root"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0) nslcd: [8b4567] <group/member="root"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0) nslcd: [8b4567] <group/member="root"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0) nslcd: [8b4567] <group/member="root"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0) nslcd: [8b4567] <group/member="root"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON) nslcd: [8b4567] <group/member="root"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON) nslcd: [8b4567] <group/member="root"> DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://10.0.0.11/") nslcd: [8b4567] <group/member="root"> DEBUG: ldap_result(): end of results (0 total) nslcd: [8b4567] <group/member="root"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixGroup)(memberUid=root))") nslcd: [8b4567] <group/member="root"> DEBUG: ldap_result(): end of results (0 total) nslcd: [7b23c6] DEBUG: connection from pid=27158 uid=0 gid=0 nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: [7b23c6] <passwd="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uid=james))") nslcd: [7b23c6] <passwd="james"> DEBUG: ldap_initialize(ldap://10.0.0.11/) nslcd: [7b23c6] <passwd="james"> DEBUG: ldap_set_rebind_proc() nslcd: [7b23c6] <passwd="james"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3) nslcd: [7b23c6] <passwd="james"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0) nslcd: [7b23c6] <passwd="james"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0) nslcd: [7b23c6] <passwd="james"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0) nslcd: [7b23c6] <passwd="james"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0) nslcd: [7b23c6] <passwd="james"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON) nslcd: [7b23c6] <passwd="james"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON) nslcd: [7b23c6] <passwd="james"> DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://10.0.0.11/") nslcd: [7b23c6] <passwd="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [7b23c6] <passwd="james"> (re)loading /etc/nsswitch.conf nslcd: [7b23c6] <passwd="james"> DEBUG: ldap_result(): end of results (1 total) nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: [3c9869] DEBUG: connection from pid=27158 uid=0 gid=0 nslcd: [3c9869] <group/member="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uid=james))") nslcd: [3c9869] <group/member="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [3c9869] <group/member="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixGroup)(|(memberUid=james)(member=uid=james,ou=users,dc=my,dc=example,dc=com)))") nslcd: [3c9869] <group/member="james"> DEBUG: ldap_result(): end of results (0 total) nslcd: [334873] DEBUG: connection from pid=27158 uid=0 gid=0 nslcd: [334873] <passwd="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uid=james))") nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: [334873] <passwd="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [334873] <passwd="james"> DEBUG: ldap_result(): end of results (1 total) nslcd: [b0dc51] DEBUG: connection from pid=27158 uid=0 gid=0 nslcd: [b0dc51] <passwd="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uid=james))") nslcd: [b0dc51] <passwd="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [b0dc51] <passwd="james"> DEBUG: ldap_result(): end of results (1 total) nslcd: [495cff] DEBUG: connection from pid=27158 uid=0 gid=0 nslcd: [495cff] <shadow="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=shadowAccount)(uid=james))") nslcd: [495cff] <shadow="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [495cff] <shadow="james"> DEBUG: ldap_result(): end of results (1 total) nslcd: [e8944a] DEBUG: connection from pid=27158 uid=0 gid=0 nslcd: [e8944a] <passwd="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uid=james))") nslcd: [e8944a] <passwd="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [e8944a] <passwd="james"> DEBUG: ldap_result(): end of results (1 total) nslcd: [5558ec] DEBUG: connection from pid=27158 uid=0 gid=0 nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: [5558ec] <authz="james"> DEBUG: nslcd_pam_authz("james","sshd","","10.0.0.11","ssh") nslcd: [5558ec] <authz="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uid=james))") nslcd: [5558ec] <authz="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [5558ec] <authz="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=shadowAccount)(uid=james))") nslcd: [5558ec] <authz="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [8e1f29] DEBUG: connection from pid=27158 uid=0 gid=0 nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: [8e1f29] <passwd="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uid=james))") nslcd: [8e1f29] <passwd="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [8e1f29] <passwd="james"> DEBUG: ldap_result(): end of results (1 total) nslcd: [e87ccd] DEBUG: connection from pid=27158 uid=0 gid=0 nslcd: [e87ccd] <passwd="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uid=james))") nslcd: [e87ccd] <passwd="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [e87ccd] <passwd="james"> DEBUG: ldap_result(): end of results (1 total) nslcd: [1b58ba] DEBUG: connection from pid=27158 uid=0 gid=0 nslcd: [1b58ba] <passwd="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uid=james))") nslcd: [1b58ba] <passwd="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [1b58ba] <passwd="james"> DEBUG: ldap_result(): end of results (1 total) nslcd: [7ed7ab] DEBUG: connection from pid=27158 uid=0 gid=0 nslcd: [7ed7ab] <passwd="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uid=james))") nslcd: [7ed7ab] <passwd="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [7ed7ab] <passwd="james"> DEBUG: ldap_result(): end of results (1 total) nslcd: [b141f2] DEBUG: connection from pid=27158 uid=0 gid=0 nslcd: [b141f2] <passwd="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uid=james))") nslcd: [b141f2] <passwd="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [b141f2] <passwd="james"> DEBUG: ldap_result(): end of results (1 total) nslcd: [b71efb] DEBUG: connection from pid=27158 uid=0 gid=0 nslcd: [b71efb] <passwd="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uid=james))") nslcd: [b71efb] <passwd="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [b71efb] <passwd="james"> DEBUG: ldap_result(): end of results (1 total) nslcd: [e2a9e3] DEBUG: connection from pid=27158 uid=0 gid=0 nslcd: [e2a9e3] <passwd="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uid=james))") nslcd: [e2a9e3] <passwd="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [e2a9e3] <passwd="james"> DEBUG: ldap_result(): end of results (1 total) nslcd: [45e146] DEBUG: connection from pid=27158 uid=0 gid=0 nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: [45e146] <passwd="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uid=james))") nslcd: [45e146] <passwd="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [45e146] <passwd="james"> DEBUG: ldap_result(): end of results (1 total) nslcd: [5f007c] DEBUG: connection from pid=27158 uid=0 gid=0 nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: [5f007c] <sess_o="james"> DEBUG: nslcd_pam_sess_o("james","sshd","ssh","10.0.0.11",""): kQlRjhzsaaNBTFAtM7eBH6QP nslcd: [8c895d] DEBUG: connection from pid=27158 uid=0 gid=0 nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: [8c895d] <passwd="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uid=james))") nslcd: [8c895d] <passwd="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [8c895d] <passwd="james"> DEBUG: ldap_result(): end of results (1 total) nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: [3ab105] DEBUG: connection from pid=27163 uid=0 gid=1000 nslcd: [3ab105] <group/member="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uid=james))") nslcd: [3ab105] <group/member="james"> DEBUG: ldap_initialize(ldap:// 10.0.0.11/) nslcd: [3ab105] <group/member="james"> DEBUG: ldap_set_rebind_proc() nslcd: [3ab105] <group/member="james"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3) nslcd: [3ab105] <group/member="james"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0) nslcd: [3ab105] <group/member="james"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0) nslcd: [3ab105] <group/member="james"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0) nslcd: [3ab105] <group/member="james"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0) nslcd: [3ab105] <group/member="james"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON) nslcd: [3ab105] <group/member="james"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON) nslcd: [3ab105] <group/member="james"> DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://10.0.0.11/") nslcd: [3ab105] <group/member="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [3ab105] <group/member="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixGroup)(|(memberUid=james)(member=uid=james,ou=users,dc=my,dc=example,dc=com)))") nslcd: [3ab105] <group/member="james"> DEBUG: ldap_result(): end of results (0 total) nslcd: [1da317] DEBUG: connection from pid=27163 uid=0 gid=1000 nslcd: [1da317] <passwd="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uid=james))") nslcd: [1da317] <passwd="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [1da317] <passwd="james"> DEBUG: ldap_result(): end of results (1 total) nslcd: [43a858] DEBUG: connection from pid=27163 uid=0 gid=1000 nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: [43a858] <passwd="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uid=james))") nslcd: [43a858] <passwd="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [43a858] <passwd="james"> DEBUG: ldap_result(): end of results (1 total) nslcd: [1d5ae9] DEBUG: connection from pid=27158 uid=0 gid=0 nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: [1d5ae9] <passwd="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uid=james))") nslcd: [1d5ae9] <passwd="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [1d5ae9] <passwd="james"> DEBUG: ldap_result(): end of results (1 total) nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: [63845e] DEBUG: connection from pid=27164 uid=0 gid=1000 nslcd: [63845e] <passwd=1000> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uidNumber=1000))") nslcd: [63845e] <passwd=1000> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [63845e] <passwd=1000> DEBUG: ldap_result(): end of results (1 total) nslcd: [a2a8d4] DEBUG: connection from pid=27164 uid=0 gid=1000 nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: [a2a8d4] <passwd="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uid=james))") nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: [a2a8d4] <passwd="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [a2a8d4] <passwd="james"> DEBUG: ldap_result(): end of results (1 total) nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: [edbdab] DEBUG: connection from pid=27164 uid=0 gid=1000 nslcd: [edbdab] <passwd="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uid=james))") nslcd: [edbdab] <passwd="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [edbdab] <passwd="james"> DEBUG: ldap_result(): end of results (1 total) nslcd: [838cb2] DEBUG: connection from pid=27164 uid=0 gid=1000 nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: [838cb2] <passwd="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uid=james))") nslcd: [838cb2] <passwd="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [838cb2] <passwd="james"> DEBUG: ldap_result(): end of results (1 total) nslcd: [53d0cd] DEBUG: connection from pid=27164 uid=0 gid=1000 nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: [53d0cd] <config=1> DEBUG: nslcd_config_get(1) nslcd: [03e0c6] DEBUG: connection from pid=27164 uid=0 gid=1000 nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: [03e0c6] <passwd="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uid=james))") nslcd: [03e0c6] <passwd="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [03e0c6] <passwd="james"> DEBUG: ldap_result(): end of results (1 total) nslcd: [9a769b] DEBUG: connection from pid=27164 uid=0 gid=1000 nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: [9a769b] <passwd="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uid=james))") nslcd: [9a769b] <passwd="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [9a769b] <passwd="james"> DEBUG: ldap_result(): end of results (1 total) nslcd: [e49eb4] DEBUG: connection from pid=27164 uid=0 gid=1000 nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: [e49eb4] <authc="james"> DEBUG: nslcd_pam_authc("james","passwd","***") nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: [e49eb4] <authc="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uid=james))") nslcd: [e49eb4] <authc="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [e49eb4] <authc="james"> DEBUG: myldap_search(base="uid=james,ou=users,dc=my,dc=example,dc=com", filter="(objectClass=*)") nslcd: [e49eb4] <authc="james"> DEBUG: ldap_initialize(ldap://10.0.0.11/) nslcd: [e49eb4] <authc="james"> DEBUG: ldap_set_rebind_proc() nslcd: [e49eb4] <authc="james"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3) nslcd: [e49eb4] <authc="james"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0) nslcd: [e49eb4] <authc="james"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0) nslcd: [e49eb4] <authc="james"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0) nslcd: [e49eb4] <authc="james"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0) nslcd: [e49eb4] <authc="james"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON) nslcd: [e49eb4] <authc="james"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON) nslcd: [e49eb4] <authc="james"> DEBUG: ldap_sasl_bind("uid=james,ou=users,dc=my,dc=example,dc=com","***") (uri="ldap://10.0.0.11/") nslcd: [e49eb4] <authc="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [e49eb4] <authc="james"> DEBUG: ldap_unbind() nslcd: [e49eb4] <authc="james"> DEBUG: bind successful nslcd: [e49eb4] <authc="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=shadowAccount)(uid=james))") nslcd: [e49eb4] <authc="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [e49eb4] <authc="james"> uid=james,ou=users,dc=my,dc=example,dc=com: "${shadowLastChange:--1}": need a new password nslcd: [f32454] DEBUG: connection from pid=27158 uid=0 gid=0 nslcd: [f32454] <passwd="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uid=james))") nslcd: [f32454] <passwd="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [f32454] <passwd="james"> DEBUG: ldap_result(): end of results (1 total) nslcd: [a88611] DEBUG: connection from pid=27158 uid=0 gid=0 nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: [a88611] <passwd="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uid=james))") nslcd: [a88611] <passwd="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [a88611] <passwd="james"> DEBUG: ldap_result(): end of results (1 total) nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: [36c40e] DEBUG: connection from pid=27158 uid=0 gid=0 nslcd: [36c40e] <sess_c="james"> DEBUG: nslcd_pam_sess_c("james","sshd",kQlRjhzsaaNBTFAtM7eBH6QP) nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: [901d82] DEBUG: connection from pid=27158 uid=0 gid=0 nslcd: [901d82] <passwd="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uid=james))") nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: [901d82] <passwd="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [901d82] <passwd="james"> DEBUG: ldap_result(): end of results (1 total) nslcd: [95f874] DEBUG: connection from pid=27158 uid=0 gid=0 nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: [95f874] <passwd="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uid=james))") nslcd: [95f874] <passwd="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [95f874] <passwd="james"> DEBUG: ldap_result(): end of results (1 total) nslcd: [138641] DEBUG: connection from pid=27158 uid=0 gid=0 nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: [138641] <passwd="james"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uid=james))") nslcd: [138641] <passwd="james"> DEBUG: ldap_result(): uid=james,ou=users,dc=my,dc=example,dc=com nslcd: [138641] <passwd="james"> DEBUG: ldap_result(): end of results (1 total) nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: [7ff521] DEBUG: connection from pid=27173 uid=0 gid=0 nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable nslcd: [7ff521] <group/member="root"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixAccount)(uid=root))") nslcd: [7ff521] <group/member="root"> DEBUG: ldap_initialize(ldap:// 10.0.0.11/) nslcd: [7ff521] <group/member="root"> DEBUG: ldap_set_rebind_proc() nslcd: [7ff521] <group/member="root"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3) nslcd: [7ff521] <group/member="root"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0) nslcd: [7ff521] <group/member="root"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0) nslcd: [7ff521] <group/member="root"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0) nslcd: [7ff521] <group/member="root"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0) nslcd: [7ff521] <group/member="root"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON) nslcd: [7ff521] <group/member="root"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON) nslcd: [7ff521] <group/member="root"> DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://10.0.0.11/") nslcd: [7ff521] <group/member="root"> DEBUG: ldap_result(): end of results (0 total) nslcd: [7ff521] <group/member="root"> DEBUG: myldap_search(base="dc=my,dc=example,dc=com", filter="(&(objectClass=posixGroup)(memberUid=root))") nslcd: [7ff521] <group/member="root"> DEBUG: ldap_result(): end of results (0 total) These are my LDAP clients pam.d files. /etc/pam.d/passwd auth sufficient pam_rootok.so auth include system-auth account include system-auth password include system-auth /etc/pam.d/sshd auth include system-remote-login account include system-remote-login password include system-remote-login session include system-remote-login /etc/pam.d/system-auth auth required pam_env.so auth required pam_unix.so try_first_pass likeauth nullok auth optional pam_permit.so auth sufficient pam_ldap.so use_first_pass account required pam_unix.so account optional pam_permit.so account sufficient pam_ldap.so password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password required pam_unix.so try_first_pass use_authtok nullok sha512 shadow password optional pam_permit.so password sufficient pam_ldap.so use_authtok use_first_pass session required pam_limits.so session required pam_env.so session required pam_unix.so session optional pam_permit.so session optional pam_ldap.so /etc/pam.d/system-remote-login auth include system-login account include system-login password include system-login session include system-login /etc/pamd/system-login auth required pam_tally2.so onerr=succeed auth required pam_shells.so auth required pam_nologin.so auth include system-auth account required pam_access.so account required pam_nologin.so account include system-auth account required pam_tally2.so onerr=succeed password include system-auth session optional pam_loginuid.so session required pam_env.so session optional pam_lastlog.so silent session include system-auth session optional pam_motd.so motd=/etc/motd session optional pam_mail.so /etc/nslcd.conf uid nslcd gid nslcd uri ldap://10.0.0.11 base dc=my,dc=example,dc=com /etc/nsswitch.conf passwd: files ldap group: files ldap shadow: files ldap