Re: PAM LDAP queries attempt to bind with empty binddn
- From: Alex Samad <alex@xxxxxxxxxxxx>
- Date: Thu, 11 Feb 2010 07:50:40 +1100
On Wed, Feb 10, 2010 at 03:27:25PM -0500, John A. Sullivan III wrote:
Thanks for the quick response. I'll answer in the text below - John
On Thu, 2010-02-11 at 06:42 +1100, Alex Samad wrote:
On Wed, Feb 10, 2010 at 11:07:05AM -0500, John A. Sullivan III wrote:
libnss-ldap and libpam-ldap are installed. I do not see a packaged
Hello, all. We have just started to explore Debian Lenny as a platform
Hi
and have been delightfully impressed; however, we're hitting a problem
using LDAP authentication that we have not experienced in RedHat or
Ubuntu. We do not allow anonymous LDAP queries but rather
configure /etc/pam_ldap.conf with a binddn and bindpw.
Our LDAP queries are failing and, when we look at the access logs on our
CentOS Directory Server 8.1, we see the binddn is empty:
On my Debian system I have a couple of packages installed to handle the LDAP
userid db.
pam handles one side of it but you need the nss stuff as well. There
are 2 sets of packages; the one I use (I like it better - works how I
like it to work and seems to be getting active maintenance) is
nslcd, and with this you will need libnss-ldapd & libpam-ldapd. They both
need config files in /etc
named nslcd unless it's a typo for nscd which is installed as well.
No, nslcd is not a typo. Like I said, there are 2 streams/groups of
packages for pam integration; you have the !older! ones. Have a look at
nslcd and its partner packages; I have found them to be more stable.
Do you mean nsswitch.conf? If so, we did address that - files ldap for
[snip]
pam_ldap.conf looks like this:
[snip]
you need to look at the nss config file as well
passwd, group, and shadow.
Nope, this file: /etc/nss-ldapd.conf, used for the nss side of things, which
is what getent uses and tools like nsswitch, glibc & whoami
as per above
getent passwd only shows local users
We could very likely have a missing package. This is a vserver and they
install a very skeleton base system. For example, the system initially
did not query at all until we realized we needed to install passwd.
This is an X2Go print server (hopefully many desktops to come
immediately after!) so we have installed:
[snip]
Maybe you are missing stuff, like the nss ldap package. getent passwd
should show you all your users; work from there and then getent group
Still eagerly looking for hints and suggestions. Thanks - John
did we do wrong? Any help would be greatly appreciated as I've lost days
tracking this down with no answer. Thanks - John
Have a look at the nslcd package and the author's web page - why he
created this package (a fork of the original stuff)
--
"I recently met with the finance minister of the Palestinian Authority, was very impressed by his grasp of finances."
- George W. Bush
05/29/2003
Washington, DC
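
An added example, not part of the original message or of either package: a Python check for the point made in this reply, that the PAM side and the NSS side read separate config files, so a binddn in /etc/pam_ldap.conf says nothing about how the NSS side binds. It assumes both files use `key value` lines with `binddn` and `bindpw` options; the sample file contents, DNs and the function names are constructed for illustration.

```python
import os
import tempfile

def bind_settings(path):
    """Return the effective binddn/bindpw from a 'key value' LDAP client config."""
    found = {"binddn": "", "bindpw": ""}
    with open(path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith("#"):
                continue  # blank line or commented-out option
            parts = line.split(None, 1)
            key = parts[0].lower()
            if key in found:
                found[key] = parts[1].strip() if len(parts) > 1 else ""
    return found

def bind_mode(path):
    """Classify how a client reading this file would bind to the directory."""
    if not os.path.isfile(path):
        return "missing"
    cfg = bind_settings(path)
    if not cfg["binddn"]:
        return "anonymous"
    if not cfg["bindpw"]:
        return "binddn-without-bindpw"
    return "authenticated"

def write_samples(directory):
    """Write constructed sample configs: PAM side complete, NSS side commented out."""
    pam = os.path.join(directory, "pam_ldap.conf")
    nss = os.path.join(directory, "nss-ldapd.conf")
    with open(pam, "w", encoding="utf-8") as fh:
        fh.write("base dc=example,dc=com\n"
                 "binddn cn=proxy,dc=example,dc=com\n"
                 "bindpw constructed-secret\n")
    with open(nss, "w", encoding="utf-8") as fh:
        fh.write("base dc=example,dc=com\n"
                 "#binddn cn=proxy,dc=example,dc=com\n"
                 "#bindpw constructed-secret\n")
    return pam, nss

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path in write_samples(tmp):
            print(os.path.basename(path), "->", bind_mode(path))
```

To check a real host, call `bind_mode()` on /etc/pam_ldap.conf and on the NSS config file in use; any file reported as `anonymous` or `missing` is a candidate for the empty binddn seen in the directory server's access log.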