pam_ldap+proftpd under SuSE Linux
I apologize ahead of time if this is an improper forum for asking this
question, but I've been scratching my head and racking my brain trying to
find a way to get pam_ldap to talk properly to slapd.
It seems as though pam_ldap is properly constructing the query string for
slapd, but is either not recognizing the output or is not getting any.
As a result, I cannot log in to the proftpd server. If I enable
pam_permit, I can log in with any password, as long as the username exists
in LDAP.
This seems so straightforward in the documentation, so I am not sure what
I might be missing. If this has been discussed, I missed it in the
archives, so if anyone has done this before, it'll save my life!
Aug 31 11:50:24 dev000 proftpd[18376]: dev000.example.com (sundev.example.com[x.x.146.94]) - FTP session opened.
Aug 31 11:50:28 dev000 slapd[18369]: daemon: conn=3 fd=10 connection from IP=::1 1906 (IP=:: 389) accepted.
Aug 31 11:50:28 dev000 slapd[18373]: conn=3 op=0 BIND dn="CN=MANAGER,DC=EXAMPLE,DC=COM" method=128
Aug 31 11:50:28 dev000 slapd[18373]: conn=3 op=0 RESULT tag=97 err=0 text=
Aug 31 11:50:28 dev000 slapd[18372]: conn=3 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(&(uid=janedoe)(objectClass=posixAccount))"
Aug 31 11:50:28 dev000 slapd[18372]: conn=3 op=1 SEARCH RESULT tag=101 err=0 text=
Aug 31 11:50:30 dev000 slapd[18373]: conn=3 op=2 UNBIND
Aug 31 11:50:30 dev000 slapd[18373]: conn=-1 fd=10 closed
Aug 31 11:50:30 dev000 slapd[18369]: daemon: conn=4 fd=10 connection from IP=::1 1907 (IP=:: 389) accepted.
Aug 31 11:50:30 dev000 slapd[18372]: conn=4 op=0 BIND dn="CN=MANAGER,DC=EXAMPLE,DC=COM" method=128
Aug 31 11:50:30 dev000 slapd[18372]: conn=4 op=0 RESULT tag=97 err=0 text=
Aug 31 11:50:30 dev000 slapd[18373]: conn=4 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(&(uid=janedoe)(objectClass=posixAccount))"
Aug 31 11:50:30 dev000 slapd[18373]: conn=4 op=1 SEARCH RESULT tag=101 err=0 text=
Aug 31 11:50:30 dev000 slapd[18372]: conn=4 op=2 SRCH base="dc=example,dc=com" scope=2 filter="(&(uid=janedoe)(objectClass=posixAccount))"
Aug 31 11:50:30 dev000 slapd[18372]: conn=4 op=2 SEARCH RESULT tag=101 err=0 text=
Aug 31 11:50:30 dev000 slapd[18369]: daemon: conn=5 fd=15 connection from IP=127.0.0.1:1908 (IP=:: 636) accepted.
Aug 31 11:50:30 dev000 proftpd[18376]: dev000.example.com (sundev.example.com[x.x.146.94]) - ProFTPD terminating (signal 11)
Aug 31 11:50:30 dev000 slapd[18369]: conn=-1 fd=10 closed
Aug 31 11:50:30 dev000 slapd[18369]: conn=-1 fd=15 closed
Here's my /etc/pam.d/proftpd:
#%PAM-1.0
#auth required /lib/security/pam_permit.so debug
auth required /lib/security/pam_ldap.so debug
auth required /lib/security/pam_shells.so
account required /lib/security/pam_ldap.so debug
password required /lib/security/pam_ldap.so debug
Here's my /etc/openldap/ldap.conf
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.4.8.6 2000/09/05 17:54:38 kurt Exp $
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
base "dc=example, dc=com"
uri ldaps://127.0.0.1
host 127.0.0.1
ldap_version 3
#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
ssl yes
#sslpath /usr/ssl/certs
--
Jonathan Kalbfeld                         ThoughtWave Technologies LLC
(v) +1 415 386                            UNIX, Networking, Programming
(f) +1 415 358 4519                       http://www.thoughtwave.net/
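The slapd lines in the post show the service-account BIND and the uid search completing on port 389, but nothing after them that would actually test the password. The script below is an added example, not part of the original post and not pam_ldap's own code: it parses that slapd excerpt (copied verbatim into SLAPD_LOG) and reports what the server really saw, namely which uids were searched, which DNs bound, whether any searched uid was ever followed by a BIND as its own DN, connections that were accepted and closed without a single operation, and daemon crashes. The regexes are written for the slapd log format the post shows (syslog prefix, "conn=N op=M OP ...", closes logged as "conn=-1 fd=N closed"); newer slapd releases log differently. Matching a user bind by looking for "uid=<login>" inside the bound DN is an assumed convention.

```python
"""Check a slapd log for the operations pam_ldap performs to verify a
password: BIND as the service account (binddn), SRCH for the login name,
then BIND as the DN it found using the password the user typed.  Only that
last BIND proves the password; the searches alone verify nothing.
SLAPD_LOG is copied from the post; the parser is an added example.
"""
import re

SLAPD_LOG = """\
Aug 31 11:50:28 dev000 slapd[18369]: daemon: conn=3 fd=10 connection from IP=::1 1906 (IP=:: 389) accepted.
Aug 31 11:50:28 dev000 slapd[18373]: conn=3 op=0 BIND dn="CN=MANAGER,DC=EXAMPLE,DC=COM" method=128
Aug 31 11:50:28 dev000 slapd[18373]: conn=3 op=0 RESULT tag=97 err=0 text=
Aug 31 11:50:28 dev000 slapd[18372]: conn=3 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(&(uid=janedoe)(objectClass=posixAccount))"
Aug 31 11:50:28 dev000 slapd[18372]: conn=3 op=1 SEARCH RESULT tag=101 err=0 text=
Aug 31 11:50:30 dev000 slapd[18373]: conn=3 op=2 UNBIND
Aug 31 11:50:30 dev000 slapd[18373]: conn=-1 fd=10 closed
Aug 31 11:50:30 dev000 slapd[18369]: daemon: conn=4 fd=10 connection from IP=::1 1907 (IP=:: 389) accepted.
Aug 31 11:50:30 dev000 slapd[18372]: conn=4 op=0 BIND dn="CN=MANAGER,DC=EXAMPLE,DC=COM" method=128
Aug 31 11:50:30 dev000 slapd[18372]: conn=4 op=0 RESULT tag=97 err=0 text=
Aug 31 11:50:30 dev000 slapd[18373]: conn=4 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(&(uid=janedoe)(objectClass=posixAccount))"
Aug 31 11:50:30 dev000 slapd[18373]: conn=4 op=1 SEARCH RESULT tag=101 err=0 text=
Aug 31 11:50:30 dev000 slapd[18372]: conn=4 op=2 SRCH base="dc=example,dc=com" scope=2 filter="(&(uid=janedoe)(objectClass=posixAccount))"
Aug 31 11:50:30 dev000 slapd[18372]: conn=4 op=2 SEARCH RESULT tag=101 err=0 text=
Aug 31 11:50:30 dev000 slapd[18369]: daemon: conn=5 fd=15 connection from IP=127.0.0.1:1908 (IP=:: 636) accepted.
Aug 31 11:50:30 dev000 proftpd[18376]: dev000.example.com (sundev.example.com[x.x.146.94]) - ProFTPD terminating (signal 11)
Aug 31 11:50:30 dev000 slapd[18369]: conn=-1 fd=10 closed
Aug 31 11:50:30 dev000 slapd[18369]: conn=-1 fd=15 closed
"""

# Line shapes as they appear in the post's slapd output (assumed stable for that version).
ACCEPT_RE = re.compile(r'daemon: conn=(\d+) fd=(\d+) connection from IP=(.+?) \(IP=\S+ (\d+)\) accepted')
OP_RE = re.compile(r'slapd\[\d+\]: conn=(\d+) op=(\d+) (SEARCH RESULT|RESULT|BIND|SRCH|UNBIND)\s*(.*)')
CLOSE_RE = re.compile(r'slapd\[\d+\]: conn=-?\d+ fd=(\d+) closed')
CRASH_RE = re.compile(r'(\w+)\[\d+\]: .*terminating \(signal (\d+)\)')


def _field(text, pattern):
    m = re.search(pattern, text)
    return m[1] if m else ''


def _new_conn(client, port):
    return {'client': client, 'port': port, 'binds': [], 'searches': [],
            'results': [], 'ops': 0, 'closed': False}


def parse(log_text):
    """Group slapd operations by connection; return (conns, crashes)."""
    conns, fd_to_conn, crashes = {}, {}, []
    for line in log_text.splitlines():
        if m := ACCEPT_RE.search(line):
            conns[int(m[1])] = _new_conn(m[3], int(m[4]))
            fd_to_conn[int(m[2])] = int(m[1])     # closes are logged by fd, not conn
        elif m := OP_RE.search(line):
            c = conns.setdefault(int(m[1]), _new_conn('?', 0))
            kind, rest = m[3], m[4]
            if kind == 'BIND':
                c['binds'].append(_field(rest, r'dn="([^"]*)"'))
            elif kind == 'SRCH':
                c['searches'].append(_field(rest, r'filter="([^"]*)"'))
            if kind in ('BIND', 'SRCH', 'UNBIND'):
                c['ops'] += 1
            else:                                  # RESULT / SEARCH RESULT carry err=
                c['results'].append(int(_field(rest, r'err=(\d+)') or -1))
        elif m := CLOSE_RE.search(line):
            cid = fd_to_conn.pop(int(m[1]), None)
            if cid is not None:
                conns[cid]['closed'] = True
        elif m := CRASH_RE.search(line):
            crashes.append((m[1], int(m[2])))
    return conns, crashes


def audit(log_text):
    """Summarise what the log proves about password verification."""
    conns, crashes = parse(log_text)
    searched = []
    for c in conns.values():
        for filt in c['searches']:
            searched += [u for u in re.findall(r'\(uid=([^)]+)\)', filt, re.I)
                         if u not in searched]

    def is_user(dn):  # assumed convention: the user's DN contains uid=<login>
        return any(f'uid={u}'.lower() in dn.lower() for u in searched)

    binds = [dn for c in conns.values() for dn in c['binds']]
    user_binds = sorted({dn for dn in binds if is_user(dn)})
    return {
        'uids_searched': searched,
        'service_binds': sorted({dn for dn in binds if not is_user(dn)}),
        'user_binds': user_binds,
        # a searched uid with no BIND as its DN: slapd never checked that password
        'uids_never_bound': [u for u in searched
                             if not any(f'uid={u}'.lower() in dn.lower() for dn in user_binds)],
        # accepted, no operation, closed: the client died or the session never got going
        'empty_connections': {cid: c['port'] for cid, c in conns.items()
                              if c['ops'] == 0 and c['closed']},
        'crashes': crashes,
    }


if __name__ == '__main__':
    for key, value in audit(SLAPD_LOG).items():
        print(f'{key}: {value}')
```

On the post's excerpt the report lists janedoe under uids_never_bound, only the manager DN under service_binds, conn=5 on port 636 as an empty connection, and the proftpd signal 11. That does not by itself say why the user BIND never reached slapd, but it pins down where in the pam_ldap sequence things stop, which is the question to answer before touching the PAM stack again.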