Hi all,

I'm wanting to use LDAP with the pam_ldap module to authenticate all sorts
of stuff. So I figured I'd start out by just configuring ftp to be
authenticated against it. I've grabbed the pam_ldap module from padl.com,
built that, I've built openldap, and I've got it up and running. I've also
used the migration scripts to migrate my /etc/passwd and /etc/shadow to
the ldap database - no problems so far. So, I then copied the example ftp
PAM config file from the pam_ldap distribution over to /etc/pam.d/ftp. I
copied the example ldap.conf file from pam_ldap over to /etc, and I've put
the appropriate host and base dn in. Now, needless to say it doesn't work.
Authentication still happens because the pam config file falls back to
standard shadow password files, but that's not what I want. 

From syslog:

Dec 11 15:33:36 beast slapd[3640]: daemon: conn=0 fd=9 connection from
IP=127.0.0.1:3466 (IP=0.0.0.0:389) accepted. 
Dec 11 15:33:36 beast slapd[3648]: conn=0 op=0 BIND dn="" method=128 
Dec 11 15:33:36 beast slapd[3648]: conn=0 op=0 RESULT tag=97 err=0 text= 
Dec 11 15:33:36 beast slapd[3648]: conn=0 op=1 SRCH
base="ou=People,dc=beast,dc=com" scope=2
filter="(&(objectClass=account)(uid=james))" 
Dec 11 15:33:36 beast slapd[3648]: conn=0 op=1 SEARCH RESULT tag=101 err=0
text= 
Dec 11 15:33:36 beast slapd[3648]: conn=0 op=2 BIND
dn="UID=JAMES,OU=PEOPLE,DC=BEAST,DC=COM" method=128 
Dec 11 15:33:37 beast slapd[3648]: conn=0 op=2 RESULT tag=97 err=49 text= 
Dec 11 15:33:37 beast ftpd[3647]: pam_ldap: error trying to bind as user
"uid=james,ou=People,dc=beast,dc=com" (Invalid credentials)
Dec 11 15:33:37 beast slapd[3648]: conn=0 op=3 BIND dn="" method=128 
Dec 11 15:33:37 beast slapd[3648]: conn=0 op=3 RESULT tag=97 err=0 text= 
Dec 11 15:33:37 beast slapd[3648]: conn=0 op=4 UNBIND 
Dec 11 15:33:37 beast slapd[3648]: conn=-1 fd=9 closed 
Dec 11 15:33:37 beast ftpd[3647]: FTP LOGIN FROM localhost.localdomain
[127.0.0.1], james

and /var/log/messages:

Dec 11 15:33:37 beast ftpd[3647]: pam_ldap: error trying to bind as user
"uid=james,ou=People,dc=beast,dc=com" (Invalid credentials)
Dec 11 15:33:37 beast ftpd[3647]: FTP LOGIN FROM localhost.localdomain
[127.0.0.1], james

Now, it appears that uid=james... is an invalid login to ldap for whatever
reason. However, I currently have defaultaccess as write, with no other
access controls in slapd.conf. Furthermore, if I do

ldapsearch -v -W -x -b 'uid=james,ou=People,dc=beast,dc=com' '(objectclass=*)'

with absolutely any password it will retrieve the correct information
(though I don't intend to keep 100% open access privileges).

I'm guessing I'm missing some additional form of authentication somewhere,
but I can't see what it is. These appear to be all the steps people have
taken in various examples I've found on the web.

Any help would be greatly appreciated.

James.

-- 
"I like cats too. Let's exchange recipes." - unknown.



-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
