Re: Openldap and Solaris 8

["Jan Z." <j.zeller@gpstechnik.ch>]

Title: RE: Openldap and Solaris 8

 

----- Original Message -----

From: Chapman, Kyle

To: 'Jan Z.'

Sent: Tuesday, July 31, 2001 5:24 PM

Subject: RE: Openldap and Solaris 8

i havent had any problems at all with the padl modules.  what errors do you get?  do you have a file -> /etc/pam_debug?  let me know ...

thanks for your help :

 

I recently re-installed pam_ldap-122 & nss_ldap-166 on SunOS 5.8 in combination with openldap-2.0.8 + patch (www.ypass.net). Compilation was alright.

The problem is that I can't use telnet to login with user "helene". Helene is a real existing user in the LDAP-db. She is really there. Openldap is properly configured.

 

/etc/pam.conf for testing purpose looks like this :

 

telnet  auth    sufficient      /usr/lib/security/pam_openldap.so.1
telnet  auth    sufficient      /usr/lib/security/pam_unix.so
telnet  account sufficient      /usr/lib/security/pam_openldap.so.1
telnet  account sufficient      /usr/lib/security/pam_unix.so
telnet  session sufficient      /usr/lib/security/pam_openldap.so.1
telnet  session sufficient      /usr/lib/security/pam_unix.so

 

/etc/ldap.conf

 

host 127.0.0.1

base dc=soulution,dc=ch
ldap_version 3

binddn cn=ldapadmin,dc=soulution,dc=ch

bindpw secret

pam_filter objectclass=posixAccount

pam_login_attribute uid

pam_password exop

nss_base_passwd ou=People,dc=soulution,dc=ch?sub       
nss_base_shadow ou=People,dc=soulution,dc=ch?sub

 

 

slapd -d 384 output :

 

daemon: conn=43 fd=7 connection from IP=xxx(IP=0.0.0.0:389) accepted.
conn=43 op=0 BIND dn="CN=LDAPADMIN,DC=SOULUTION,DC=CH" method=128
ber_flush: 14 bytes to sd 7
conn=43 op=0 RESULT tag=97 err=0 text=
conn=43 op=1 SRCH base="ou=People,dc=soulution,dc=ch" scope=2 filter="(&(objectClass=posixAccount )(uid=helene))"
ber_flush: 14 bytes to sd 7
conn=43 op=1 SEARCH RESULT tag=101 err=0 text=
daemon: conn=44 fd=12 connection from IP=xxx(IP=0.0.0.0:389) accepted.
conn=44 op=0 BIND dn="CN=LDAPADMIN,DC=SOULUTION,DC=CH" method=128
ber_flush: 14 bytes to sd 12
conn=44 op=0 RESULT tag=97 err=0 text=
conn=44 op=1 SRCH base="ou=People,dc=soulution,dc=ch" scope=2 filter="(&(objectClass=posixAccount)(uid=helene))"
ber_flush: 14 bytes to sd 12
conn=44 op=1 SEARCH RESULT tag=101 err=0 text=

 

 

conn=44 op=2 SRCH base="ou=People,dc=soulution,dc=ch" scope=2 filter="(&(objectClass=posixAccount)(uid=helene))"
ber_flush: 14 bytes to sd 12
conn=44 op=2 SEARCH RESULT tag=101 err=0 text=

 

 

ms-dos console output :

 

login: helene
Password:

nss_ldap: ==> _nss_ldap_getbyname
nss_ldap: ==> _nss_ldap_search_s
nss_ldap: ==> do_open
nss_ldap: <== do_open
nss_ldap: ==> do_filter
nss_ldap: :== do_filter: (&(objectclass=posixAccount)(uid=helene))
nss_ldap: <== do_filter
nss_ldap: ==> do_with_reconnect
nss_ldap: ==> do_open
nss_ldap: <== do_open
nss_ldap: ==> do_search_s
nss_ldap: <== do_search_s
nss_ldap: <== do_with_reconnect
nss_ldap: <== _nss_ldap_search_s
nss_ldap: ==> do_parse_s
nss_ldap: <== do_parse_s
nss_ldap: ==> _nss_ldap_ent_context_release
nss_ldap: <== _nss_ldap_ent_context_release
nss_ldap: <== _nss_ldap_getbyname

System password:

 

nss_ldap: ==> _nss_ldap_getbyname
nss_ldap: ==> _nss_ldap_search_s
nss_ldap: ==> do_open
nss_ldap: <== do_open
nss_ldap: ==> do_filter
nss_ldap: :== do_filter: (&(objectclass=posixAccount)(uid=helene))
nss_ldap: <== do_filter
nss_ldap: ==> do_with_reconnect
nss_ldap: ==> do_open
nss_ldap: <== do_open
nss_ldap: ==> do_search_s
nss_ldap: <== do_search_s
nss_ldap: <== do_with_reconnect
nss_ldap: <== _nss_ldap_search_s
nss_ldap: ==> do_parse_s
nss_ldap: <== do_parse_s
nss_ldap: ==> _nss_ldap_ent_context_release
nss_ldap: <== _nss_ldap_ent_context_release
nss_ldap: <== _nss_ldap_getbyname
Login incorrect

 

Can someone please help me out of this dilemma ?

 

regards,

 

 

Jan