On 09/24/14 14:30 +0200, Ivaylo Ganchev wrote:
Hello,
I am installing openldap in my cathedra and am running into a strange problem.
- When I use libnss_ldapd and libpam_ldapd, the communication is OK, but
it seems that the client is not asking for the userPassword argument and so there is no way to log in (it only asks for "loginShell cn gidNumber uidNumber objectClass homeDirectory gecos uid" and then in another request "shadowExpire shadowInactive shadowFlag shadowWarning shadowLastChange uid shadowMin shadowMax").
See:
http://arthurdejong.org/nss-pam-ldapd/setup
and its troubleshooting steps, namely, getent passwd, getent shadow, and debug mode.
In the default configuration, you will not directly expose the userPassword attribute to the client - a successful bind will authenticate the client's credentials.
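
An added illustration, not part of the thread: a commonly used set of slapd access rules, in slapd.conf syntax, that produces the behaviour the reply describes, shown beside a weak variant that would hand password hashes to any client. That the server in question uses rules like these is an assumption.

```conf
# Added example (assumed rule set, slapd.conf syntax).
# Rules are evaluated top to bottom; the first matching "access to" wins.

# Hardened: userPassword can be used for authentication but never read back.
#   by self write     - a bound user may change their own password
#   by anonymous auth - an unauthenticated connection may use the value only
#                       to have slapd verify a simple bind; it is not returned
#   by * none         - everyone else gets no access, so a search that
#                       requests userPassword comes back without it
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Account attributes that the NSS lookups in the question request
# (uid, uidNumber, gidNumber, homeDirectory, loginShell, gecos, ...).
access to *
    by * read

# Weak variant, for comparison only (do not deploy):
# the hash becomes readable to every client, including anonymous ones,
# which allows offline guessing against it.
#
# access to attrs=userPassword
#     by self write
#     by * read
```

With the hardened rules, the client checks a login by binding as the user's DN with the supplied password, so the absence of userPassword from its search requests is expected.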