Hi All,

I have configured an LDAP server and am trying to log in to the same LDAP server using an LDAP user. However, I am not able to log in and am getting the following in /var/log/secure:

Dec 22 20:06:29 redhat5 sshd[7241]: Invalid user ldapu1 from 192.168.85.1
Dec 22 20:06:31 redhat5 sshd[7242]: input_userauth_request: invalid user ldapu1
Dec 22 20:06:37 redhat5 sshd[7241]: pam_unix(sshd:auth): check pass; user unknown
Dec 22 20:06:37 redhat5 sshd[7241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.85.1
Dec 22 20:06:37 redhat5 sshd[7241]: pam_succeed_if(sshd:auth): error retrieving information about user ldapu1
Dec 22 20:06:39 redhat5 sshd[7241]: Failed password for invalid user ldapu1 from 192.168.85.1 port 4461 ssh2

The following appears in ldap.log:

Dec 22 20:07:52 redhat5 slapd[2966]: conn=1 op=30 SRCH base="ou=Users,dc=homeldap,dc=com" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=ldapu1))"
Dec 22 20:07:52 redhat5 slapd[2966]: conn=1 op=30 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Dec 22 20:07:52 redhat5 slapd[2966]: conn=1 op=30 SEARCH RESULT tag=101 err=0 nentries=0 text=
Dec 22 20:07:52 redhat5 slapd[2966]: conn=1 op=31 SRCH base="ou=Computers,dc=homeldap,dc=com" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=ldapu1))"
Dec 22 20:07:52 redhat5 slapd[2966]: conn=1 op=31 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Dec 22 20:07:52 redhat5 slapd[2966]: conn=1 op=31 SEARCH RESULT tag=101 err=0 nentries=0 text=

I can see that if I use ldapsearch with the same filter, I am not able to locate the user "ldapu1".
However, if I change the filter to "(|(objectClass=posixAccount)(uid=ldapu1))", it shows me the LDAP user:

=============
[root@redhat5 ~]# ldapsearch -x -b "ou=Users,dc=homeldap,dc=com" -D "cn=Manager,dc=homeldap,dc=com" -W -H "ldap://127.0.0.1/" "(|(objectClass=posixAccount)(uid=ldapu1))"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <ou=Users,dc=homeldap,dc=com> with scope subtree
# filter: (|(objectClass=posixAccount)(uid=ldapu1))
# requesting: ALL
#

# ldapu1, Users, homeldap.com
dn: cn=ldapu1,ou=Users,dc=homeldap,dc=com
objectClass: inetOrgPerson
cn: ldapu1
sn: ldapu1
uid: ldapu1
userPassword:: bGRhcHV1MQ==

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
=============

Can someone please tell me where I have made a mistake?

-- Is it necessary to create an account on the Linux box and then migrate it to LDAP?
-- I was just wondering if I can somehow change the default filter from AND to OR at the time of login. I used "pam_filter |objectClass=inetOrgPerson" in ldap.conf; however, it didn't change the filter.

Regards,
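
Added example (not part of the original post): a small Python evaluator for the `&`, `|`, `!` subset of LDAP filters, run against the entry from the ldapsearch output above with userPassword left out. It shows why the AND filter in the slapd log gets nentries=0 while the OR filter matches, and which RFC 2307 posixAccount attributes the entry lacks. All function and constant names are illustrative.

```python
# Added example: the post's two filters evaluated against the returned entry.
ENTRY_LDIF = """\
dn: cn=ldapu1,ou=Users,dc=homeldap,dc=com
objectClass: inetOrgPerson
cn: ldapu1
sn: ldapu1
uid: ldapu1
"""
AND_FILTER = "(&(objectClass=posixAccount)(uid=ldapu1))"  # from the slapd log
OR_FILTER = "(|(objectClass=posixAccount)(uid=ldapu1))"   # from the ldapsearch run
POSIX_MUST = ("cn", "uid", "uidNumber", "gidNumber", "homeDirectory")  # RFC 2307 MUST

def parse_ldif(text):
    """Parse one simple LDIF entry (no base64, no folding) into {attr: [values]}."""
    entry = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def matches(flt, entry):
    """Evaluate a well-formed filter using only &, |, !, attr=value and attr=*."""
    def parse(i):
        i += 1  # skip the opening "("
        if flt[i] in "&|!":
            op, i, results = flt[i], i + 1, []
            while flt[i] == "(":
                res, i = parse(i)
                results.append(res)
            value = {"&": all, "|": any}.get(op, lambda r: not r[0])(results)
            return value, i + 1
        end = flt.index(")", i)
        attr, _, want = flt[i:end].partition("=")
        have = [v.lower() for v in entry.get(attr.lower(), [])]
        return (bool(have) if want == "*" else want.lower() in have), end + 1
    return parse(0)[0]

def missing_posix_attrs(entry):
    """List the posixAccount pieces (RFC 2307) that the entry does not carry."""
    missing = [a for a in POSIX_MUST if a.lower() not in entry]
    if "posixaccount" not in [v.lower() for v in entry.get("objectclass", [])]:
        missing.insert(0, "objectClass: posixAccount")
    return missing

if __name__ == "__main__":
    e = parse_ldif(ENTRY_LDIF)
    print(matches(AND_FILTER, e), matches(OR_FILTER, e))  # False True
    print(missing_posix_attrs(e))
```

The OR filter matches only because uid=ldapu1 is true on its own; the entry still has no posixAccount object class, uidNumber, gidNumber or homeDirectory, which are the attributes requested in the slapd log.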