* Mullins, Ron [EMAIL PROTECTED] [010405 17:09]:
> Seriously, has no one set up the libpam-ldap in Debian?
> Just some working config files to enlighten me as to the little thing I
> haven't gotten right would be splendid. You don't have to talk to me, you
> don't have to be my friend...I won't come to your house and drink your beer
> if you respond. Promise.
required packages:
openldap
libpam-ldap
libnss-ldap
libpam-cracklib
nscd
/etc/libnss-ldap.conf:
===
host funguz
base o=Something, c=NL
===
/etc/pam_ldap.conf:
===
host funguz
base o=Something, c=NL
# Use the V3 protocol to optimize searches
ldap_version 2
# Filter to AND with uid=%s
pam_filter objectclass=account
# The user ID attribute (defaults to uid)
pam_login_attribute uid
#Group to enforce membership of
#pam_groupdn cn=PAM,ou=Groups,dc=example,dc=net
# Group member attribute
#pam_member_attribute uniquemember
# Hash password locally; required for University of
# Michigan LDAP server, and works with Netscape
# Directory Server if you're using the UNIX-Crypt
# hash mechanism and not using the NT Synchronization
# service.
pam_crypt local
===
/etc/pam.d/other:
===
auth     sufficient pam_unix.so
auth     required   pam_ldap.so use_first_pass
account  sufficient pam_unix.so
account  required   pam_ldap.so
password sufficient pam_unix.so
password required   pam_ldap.so try_first_pass
session  required   pam_unix.so
===
You should modify all the files in /etc/pam.d/ to be like my
/etc/pam.d/other.
Other example:
/etc/pam.d/login:
===
auth requisite pam_securetty.so
auth required pam_nologin.so
auth required pam_env.so
auth sufficient pam_unix.so nullok
auth required pam_ldap.so use_first_pass
account sufficient pam_unix.so
account required pam_ldap.so
session required pam_unix.so
session optional pam_lastlog.so
session optional pam_motd.so
session optional pam_mail.so standard noenv
password required pam_cracklib.so retry=3 minlen=6 difok=3
password sufficient pam_unix.so use_authtok nullok md5 shadow
password required pam_ldap.so try_first_pass
===
Well, one other word to say: improvise!
Good luck!
CBL.
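
An added example, not part of the original message: a simplified Python model of Linux-PAM's classic control flags, run over the auth and account lines of the /etc/pam.d/other stack above. It shows that a local account is accepted by pam_unix alone while any other user falls through to pam_ldap, and its parser rejects lines where the control flag and module name have run together. The module outcomes passed to `evaluate()` are constructed; optional-only stacks and the bracketed control syntax are not modelled.

```python
# Added example: simplified model of Linux-PAM's classic control flags.
CONTROLS = {"required", "requisite", "sufficient", "optional"}
TYPES = {"auth", "account", "password", "session"}

# auth/account lines of /etc/pam.d/other from the message above.
OTHER = """\
auth     sufficient pam_unix.so
auth     required   pam_ldap.so use_first_pass
account  sufficient pam_unix.so
account  required   pam_ldap.so
"""

def parse(text):
    """Return (type, control, module, args) tuples; reject malformed lines."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3 or fields[0] not in TYPES or fields[1] not in CONTROLS:
            raise ValueError(f"line {n}: malformed PAM rule: {line!r}")
        rules.append((fields[0], fields[1], fields[2], fields[3:]))
    return rules

def evaluate(rules, mtype, results):
    """results maps module name -> True/False (constructed module outcomes)."""
    failed = succeeded = False
    for t, control, module, _ in rules:
        if t != mtype:
            continue
        ok = results[module]
        if control == "sufficient":
            if ok and not failed:
                return True          # short-circuit: later modules never run
        elif control == "requisite":
            if not ok:
                return False         # immediate denial
            succeeded = True
        elif control == "required":
            failed |= not ok         # remember the failure but keep going
            succeeded |= ok
        # optional: ignored in this model whenever other modules decide
    return succeeded and not failed

if __name__ == "__main__":
    rules = parse(OTHER)
    for unix_ok, ldap_ok in [(True, False), (False, True), (False, False)]:
        outcome = evaluate(rules, "auth", {"pam_unix.so": unix_ok, "pam_ldap.so": ldap_ok})
        print(f"pam_unix={unix_ok} pam_ldap={ldap_ok} -> auth {'granted' if outcome else 'denied'}")
```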