[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Cannot login with pam_ldap

To: OpenLDAP-software@OpenLDAP.org, debian-isp@lists.debian.org
Subject: Re: Cannot login with pam_ldap
From: Stephane Bortzmeyer <bortzmeyer@netaktiv.com>
Date: Fri, 13 Apr 2001 13:54:56 +0200
Cc: golam@netaktiv.com
Content-disposition: inline
In-reply-to: <20010412182159.A20199@internatif.org>; from bortzmeyer@netaktiv.com on Thu, Apr 12, 2001 at 06:21:59PM +0200
Organization: NetAktiv
References: <20010412182159.A20199@internatif.org>
User-agent: Mutt/1.2.5i

On Thu, Apr 12, 2001 at 06:21:59PM +0200,
 Stephane Bortzmeyer <bortzmeyer@netaktiv.com> wrote 
 a message of 37 lines which said:

> Apr 12 19:30:41 progress login[1149]: pam_ldap: error trying to bind as user "cn=Vladimir Toto,ou=People,dc=netaktiv,dc=com" (Invalid credentials)
> 
> I understand that "Invalid credentials" means a wrong password but it
> works with ldapsearch:

Yes, because pam_ldap was able to authentify but pam_unix (which is
still required) tried to bind to the LDAP server. The missing option
was, in /etc/pam.d/XXX :

                                   vvvvvvvvvvvvvv
auth       required   pam_unix.so  try_first_pass
      
to tell pam_unix to use the above password.
                           
I learned some things about the way LDAP works :-)

References:
- Cannot login with pam_ldap
  - From: Stephane Bortzmeyer <bortzmeyer@netaktiv.com>

Prev by Date: RE: Cannot compile with LDBM support
Next by Date: OpenLDAP libs thread-safe?
Index(es):
- Chronological
- Thread