[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP and PAM: account is expired, but pam_ldap allows authentification



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> 
> It was obvious that he was not asking "why doesn't my pam_ldap talk to my OpenLDAP server."
> 
> Missing elements from the user objects is a *data* problem, it is not an interoperability problem. He would have the same issue whether the server was OpenLDAP, Oracle, or M$AD. It has nothing to do with OpenLDAP, and a careful reader would have known all of this. If you're not reading carefully, you should not be responding to the posts.

Infact, it wouldn't matter if the backend was M$AD or not. You can still use the OpenLDAP client libraries to talk to AD. It is still thusly, an OpenLDAP related question, where the user does not know where to look from here, and they personally did not know, it was NOT the fault of OpenLDAP or pam_ldap but rather of nsswitch.

The fact of the matter, is that not everyone knows everything, or they may have missed something in research etc. It is hard to find a man page, if you don't know what you are looking for. Google also is not perfect. This person did not know about nsswitch and its requirement, merely believing that the key parts of this issue were either OpenLDAP or pam_ldap. We have more experience to know this is not the case. He did not. He asked where he though the most experience would be - here and rightly so as well, since we were able to tell him "look at nsswitch, rather than OpenLDAP or pam_ldap". 

This comes down far more to what he was asking about (and his limited experience), and your perception of it, rather than "what is allowed and what is not". 

> 
> -- 
>  -- Howard Chu
>  CTO, Symas Corp.           http://www.symas.com
>  Director, Highland Sun     http://highlandsun.com/hyc/
>  Chief Architect, OpenLDAP  http://www.openldap.org/project/

William Brown

pgp.mit.edu



-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)

iQIcBAEBAgAGBQJNLrQaAAoJEHF16AnLoz6JAWgQAJHDmRWQ0LJIf9fG2rk0XDkW
f3cJUUHPlD7fD9ixIMM6L/INuAtMEq/Pc2qEz6mmZSLHAcRwwjN7VwScVg3FKteX
iCTSpvJWXUzucj3z4zLAWG7YbCWlfyy04+Q8KO22iqioZcYLRHhTTGHbEZnNKw21
oxH/SYqsAl0I10kfPIkmBUPg79D8F3qJSpaIbD87yWQQ3dcssaUyuCA7ZLw63pMB
//6GESdWFgsoZ7Eev8Oy2y8/z9mJCFo41CeG81Fqdt+/Ftf/oXf4nx0FeHPIiHhP
csw/jRIG64E6c9HNbWfmIctWQx47YdkfhjK3a51TElAASV3ZUKGb9Pf0kXy/06M/
3wyRiHuYIx3S/x8ySQeIFVtiyIbp3g1uakjuTGkH/vo45rX8xnJNIG4bwmQYO6H6
69gtNov0N4A6sIKnM4MqeMBVrq9czFAwrrA+wh7pKzvWgZ2UiWNobNbev993aqdy
hSWUutQc81wZ90q1ix6Znw8+WD5mk/Ah4zKT5OTmR4duBiKiLxQk6BmtTedsSNDc
suweezIKh80DUVkJ4JYVCP4Suxo6SxGTzkWIscdAoVsu8PVt0x+O9Vzlq5wkH9Bx
hcJbwny4huKv857dn8jHVV0Y597WhKgso9iEgCSwDBRrNWA+Tmbpi2zdk0S8JGPs
6o3R7YvrFKFMk7pyp8/s
=brNS
-----END PGP SIGNATURE-----