
Re: [lukeh@xedoc.com.au: new pam_ldap module]



Is there an example for usage?
(Linux redhat5.1, umich ldap3.3)

I'm getting a login: .. password: .. and LDAP password: prompt
BUT the pam module seems not to ask my ldap server :-(

What I did:

copied ldap.conf -> /etc/ldap.conf
#----------------------------------
host 127.0.0.1
port 389
# The distinguished name of the search base.
base o=axel,c=DE
# Filter to AND with uid=%s
#pam_filter objectclass=pamSecurityObject
pam_filter objectclass=useraccount
# The user ID attribute (defaults to uid)
#pam_attribute uid
# Search the root DSE for the password policy (works
# with Netscape Directory Server)
#pam_lookup_policy yes
# Use the V3 protocol to optimize searches
ldap_version 2
#----------------------------------

built my authentication objectclass (and put some content in it):
#----------------------------------
objectclass UserAccount
        requires
                objectClass,
                cn,
                uid,
                gid,
                userPassword,
                loginshell,
                homedirectory
        allows
                mail,
                description,
                seeAlso,
                telephoneNumber
#----------------------------------

put the pam_ldap.so module in /lib/security

and edited /etc/pam.d/login
.. I think here is one problem, I tried some things:
.. one example:
#----------------------------------
#%PAM-1.0
auth       required    /lib/security/pam_securetty.so
auth       required    /lib/security/pam_pwdb.so shadow nullok
auth       required    /lib/security/pam_nologin.so
auth   required     /lib/security/pam_ldap.so
account    required     /lib/security/pam_pwdb.so
password   required    /lib/security/pam_cracklib.so
password   required    /lib/security/pam_pwdb.so shadow nullok use_authtok
password   required     /lib/security/pam_ldap.so
session    required     /lib/security/pam_pwdb.so



Jared Mauch wrote:
> 
>         YAY! :)
> 
> ----- Forwarded message from Luke Howard <lukeh@xedoc.com.au> -----
> 
> We're pleased to announce the alpha release of our pam_ldap module,
> released under the GNU LGPL (although it is anticipated that it will be
> commercially supported).
> 
> The advantages of this particular version are:
> 
>    o Support for changing passwords in LDAP
> 
>    o Support for the V3 client API and protocol (to minimize
>      rebinds)
> 
>    o Support for Netscape's SSL API (not yet tested)
> 
>    o Compatibility with the nss_ldap configuration file format
> 
>    o Supports ypldapd LDAP locator for plug-and-play installation
> 
>    o Supports Netscape Directory Server password policies
> 
>    o Supports access authorization on the "host" attribute of the
>      account objectclass
> 
> The module builds under both Linux and Solaris although it has only been
> tested under Solaris 2.6.
> 
> Where can I get it? For the moment:
> 
> http://www.xedoc.com.au/~lukeh/ldap/pam_ldap.tar.gz
> 
> Although it will soon be moving to a new location.
> 
> Whilst I've got your attention, we've recently developed a GSS-API SASL
> plugin for Netscape's Directory Server and client library. Contact myself
> for further details.
> 
> --
>    Luke Howard
>    PADL Software
>    lukeh@padl.com
> 

 
-----DPN--Deutsches-Provider-Network----Bremen--------
isb GmbH                                    Axel Klatt
Internet-Service, Beratung           	  axel@isb.net
Faulenstrasse 2-12, 28195 Bremen
--
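
Added example, not part of the original message or of the pam_ldap distribution: a small Python model of how Linux-PAM combines control flags, run over the auth lines of the /etc/pam.d/login posted above. The VARIANT stack and the per-module outcomes are constructed assumptions, and optional modules are ignored as a simplification.

```python
# Constructed sample: the auth lines of the /etc/pam.d/login quoted in the message.
POSTED = """\
#%PAM-1.0
auth       required    /lib/security/pam_securetty.so
auth       required    /lib/security/pam_pwdb.so shadow nullok
auth       required    /lib/security/pam_nologin.so
auth   required     /lib/security/pam_ldap.so
"""
# Constructed variant for comparison (not from the message): LDAP marked sufficient.
VARIANT = """\
auth required   /lib/security/pam_securetty.so
auth required   /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_ldap.so
auth required   /lib/security/pam_pwdb.so shadow nullok
"""

def parse_stack(text, facility):
    """Return [(control, module_file)] for one facility, skipping comments."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == facility:
            entries.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return entries

def evaluate(entries, outcomes):
    """Apply the required/requisite/sufficient rules.
    outcomes maps module file -> True/False; unlisted modules succeed.
    Returns (granted, modules_called). Optional modules are ignored here."""
    failed, decided, called = False, False, []
    for control, module in entries:
        ok = outcomes.get(module, True)
        called.append(module)
        if control in ("required", "requisite"):
            decided = True
            if not ok:
                failed = True          # remembered; a required failure keeps going
                if control == "requisite":
                    break              # a requisite failure ends the stack at once
        elif control == "sufficient" and ok and not failed:
            return True, called        # success short-circuits the remaining modules
    return (decided and not failed), called

def run(text, outcomes):
    return evaluate(parse_stack(text, "auth"), outcomes)

if __name__ == "__main__":
    ldap_only = {"pam_pwdb.so": False, "pam_ldap.so": True}  # account exists only in LDAP
    for name, stack in (("posted", POSTED), ("variant", VARIANT)):
        print(name, run(stack, ldap_only))
```

With every auth line marked required, the model shows pam_ldap.so being called but the login still denied when pam_pwdb.so fails for the same user.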