[rlug] OpenLDAP with PAM

[Luci Stanescu]

Salutari,

Incercam sa configurez PAM sa se foloseasca de un OpenLDAP, si m-am
lovit de o problema. Care nu stiu care este, avand in vedere ca nu prea
am reusit sa scot ceva din debugging (am trimis tot ce puteam
syslog-ului din slapd). Problema este ca nu pot sa ma autentific.
Configurarile suna cam asa:
--- in pam_ldap.conf ---
host 127.0.0.1
base dc=ict4u,dc=ro
ldap_version 3
rootbinddn cn=admin,dc=ict4u,dc=ro
pam_password clear
--- end ---
--- in pam services ---
auth    sufficient      pam_ldap.so
--- end ---
--- in nsswitch.conf ---
passwd:         files ldap
group:          files ldap
--- end ---
--- in slapd.conf ---
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
schemacheck     on
suffix          "dc=ict4u,dc=ro"
password-hash {CLEARTEXT}
--- end ---
--- slapcat zice ---
dn: dc=ict4u,dc=ro
structuralObjectClass: organization
entryUUID: 8d1f0bae-ea4e-1029-9a25-9d8230ff5e06
creatorsName: cn=anonymous
createTimestamp: 20051115180821Z
objectClass: top
objectClass: dcObject
objectClass: organization
o: ict4u
dc: ict4u
entryCSN: 20051116172922Z#000001#00#000000
modifiersName: cn=admin,dc=ict4u,dc=ro
modifyTimestamp: 20051116172922Z

dn: cn=staff,ou=people,dc=ict4u,dc=ro
objectClass: posixGroup
cn: staff
gidNumber: 1001
structuralObjectClass: posixGroup
entryUUID: 7c25c76a-eb12-1029-902f-a5c9bc702aaa
creatorsName: cn=admin,dc=ict4u,dc=ro
createTimestamp: 20051116173054Z
entryCSN: 20051116173054Z#000001#00#000000
modifiersName: cn=admin,dc=ict4u,dc=ro
modifyTimestamp: 20051116173054Z

dn: uid=luci,ou=People,dc=ict4u,dc=ro
objectClass: account
objectClass: posixAccount
cn: luci
uid: luci
uidNumber: 1005
gidNumber: 1001
homeDirectory: /home/lucica
loginShell: /bin/bash
gecos: luci
description: luci
structuralObjectClass: account
entryUUID: de3550b2-eba1-1029-9738-a1f057f38897
creatorsName: cn=admin,dc=ict4u,dc=ro
createTimestamp: 20051117103717Z
userPassword:: bXVpZQ==
entryCSN: 20051117103728Z#000001#00#000000
modifiersName: cn=admin,dc=ict4u,dc=ro
modifyTimestamp: 20051117103728Z
--- si-a tacut ---

Motivul pentru care am pus clear este ca nu stiu exact cine cum ce
comunica (slapd primeste parola in clear si o hash el si compara, sau
modulul pam pt. ldap??).

A reusit careva sa faca chestia asta sa mearga? Am citit howto-uri pe
tema asta, didn't help. Neither did google. 

Multumesc anticipat,
Lucian Stanescu

_______________________________________________
RLUG mailing list
RLUG@lists.lug.ro
http://lists.lug.ro/mailman/listinfo/rlug