[Date Prev][Date Next] [Chronological] [Thread] [Top]

Cannot login with pam_ldap

To: OpenLDAP-software@OpenLDAP.org, debian-isp@lists.debian.org
Subject: Cannot login with pam_ldap
From: Stephane Bortzmeyer <bortzmeyer@netaktiv.com>
Date: Thu, 12 Apr 2001 18:21:59 +0200
Cc: golam@netaktiv.com, bortzmeyer@netaktiv.com
Content-disposition: inline
Organization: NetAktiv
User-agent: Mutt/1.2.5i

I have a LDAP server on a Debian machine, it runs fine (gq and
ldapsearch show that the posixAccount I add are indeed present).

But the pam_ldap module does not allow logins.

If I give a wrong password, I get a second 'Password:' request from
login (since I indicated pam_ldap as 'sufficient', not 'required') :
normal.

If I run ldapsearch, binding to the name of an LDAP account, giving
its password, it works: normal.

But if I type the same account and password at the login: prompt, I get
back a login: prompt.

The following appears in the log:

Apr 12 19:30:41 progress login[1149]: pam_ldap: error trying to bind as user "cn=Vladimir Toto,ou=People,dc=netaktiv,dc=com" (Invalid credentials)

I understand that "Invalid credentials" means a wrong password but it
works with ldapsearch:

ldapsearch -D "cn=Vladimir Toto,ou=People,dc=netaktiv,dc=com" -x -W
Enter LDAP Password: 
[My reply]

The log of slapd on the server shows:

Apr 12 17:41:55 soyouz slapd[5843]: conn=0 op=2 BIND dn="CN=VLADIMIR TOTO,OU=PEOPLE,DC=NETAKTIV,DC=COM" method=128 
Apr 12 17:41:55 soyouz slapd[5843]: conn=0 op=2 RESULT tag=97 err=0 text= 
Apr 12 17:41:55 soyouz slapd[5841]: deferring operation 

slapd 2.0.7, pam_ldap 105

Follow-Ups:
- Re: Cannot login with pam_ldap
  - From: "David Young" <dyoung@NetToNetTech.com>
- Re: Cannot login with pam_ldap
  - From: Stephane Bortzmeyer <bortzmeyer@netaktiv.com>

Prev by Date: Re:AW: Unknown error and Object Not Found
Next by Date: Re: Cannot login with pam_ldap
Index(es):
- Chronological
- Thread