On Thu, 2010-02-11 at 07:50 +1100, Alex Samad wrote:
> <snip>
> > On Thu, 2010-02-11 at 06:42 +1100, Alex Samad wrote:
> > > On Wed, Feb 10, 2010 at 11:07:05AM -0500, John A. Sullivan III wrote:
> > > > Hello, all. We have just started to explore Debian Lenny as a platform
> > > > and have been delightfully impressed however we're hitting a problem
> > > > using LDAP authentication that we have not experienced in RedHat or
> > > > Ubuntu. We do not allow anonymous LDAP queries but rather
> > > > configure /etc/pam_ldap.conf with a binddn and bindpw.
> > > >
> > > > Our LDAP queries are failing and, when we look at the access logs on our
> > > > CentOS Directory Server 8.1, we see the binddn is empty:
> > > >
> > > Hi
> > >
> > > on my debian system I have a couple of packages installed to handle ldap
> > > userid db.
> > >
> > > pam handles one side of it but you need the nss stuff as well. There
> > > are 2 sets of packages, the one I use (I like it better - works how I
> > > like it to work and seems to be getting active maintenance).
> > >
> > > nslcd and with this you will need libnss-ldapd & libpam-ldapd they both
> > > need config files in /etc
> > libnss-ldap and libpam-ldap are installed. I do not see a package
> > named nslcd unless it's a typo for nscd which is installed as well.
>
> no nslcd is not a typo, like I said there are 2 streams/groups of
> packages for pam integration you have the !older! ones. have a look at
> nslcd and its partner packages I have found them to be more stable.
>
> > > [snip]
> > > >
> > > > pam_ldap.conf looks like this:
> > > >
> > > [snip]
> > >
> > > you need to look at the nss config file as well
> > Do you mean nsswitch.conf? If so, we did address that - files ldap for
> > passwd, group, and shadow.
>
> nope this file /etc/nss-ldapd.conf used for the nss side of things which
> is what getent uses and tools like nsswitch, glibc & whoami
<snip>

Ah! That was it and that's what's different.
CentOS and Ubuntu do not separate them. I was wondering why there was a pam_ldap.conf instead of an ldap.conf. I assumed it was to eliminate conflict with openldap's ldap.conf. I didn't realize it was to distinguish it from nss-ldap.conf.
Regarding nslcd, in which repository is it? I did an apt-cache search nslcd and it returned nothing. Thanks very, very much - John
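
The split this thread turns on, as an added example that is not part of the original messages: a small Python check that reads a PAM-side and an NSS-side LDAP client file and reports when binddn/bindpw are set on one side but missing or different on the other. The sample file contents are constructed, and it is an assumption that the NSS-side file spells the binddn/bindpw keywords the same way on "keyword value" lines.

```python
#!/usr/bin/env python3
# Added example (not from the thread): compare LDAP bind settings on the PAM
# side and the NSS side, e.g.  check.py /etc/pam_ldap.conf /etc/nss-ldapd.conf
import sys

BIND_KEYS = ("binddn", "bindpw")  # assumed to be spelled the same in both files

# Constructed sample contents, used when no paths are given on the command line.
SAMPLE_PAM = """\
base dc=example,dc=com
uri ldap://ldap.example.com/
binddn cn=proxy,dc=example,dc=com
bindpw CONSTRUCTED-PLACEHOLDER
"""
SAMPLE_NSS = """\
uri ldap://ldap.example.com/
base dc=example,dc=com
#binddn cn=proxy,dc=example,dc=com
#bindpw CONSTRUCTED-PLACEHOLDER
"""


def parse_conf(text):
    """Return {keyword: value} from 'keyword value' lines; skip blanks and # comments."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            settings[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return settings


def audit(pam_text, nss_text):
    """Return findings; an empty list means both sides carry the same bind identity."""
    sides = (("pam", parse_conf(pam_text)), ("nss", parse_conf(nss_text)))
    findings = []
    for key in BIND_KEYS:
        values = [conf.get(key, "") for _, conf in sides]
        findings += [f"{name}: {key} not set" for (name, _), v in zip(sides, values) if not v]
        if all(values) and values[0] != values[1]:
            findings.append(f"{key} differs between pam and nss")  # value is never printed
    return findings


if __name__ == "__main__":
    if len(sys.argv) == 3:  # two paths given; reading the real files may need root
        texts = [open(p, encoding="utf-8").read() for p in sys.argv[1:3]]
    else:
        texts = [SAMPLE_PAM, SAMPLE_NSS]
    for finding in audit(*texts) or ["bind settings present and identical on both sides"]:
        print(finding)
```

With the constructed samples it reports the NSS side as having no bind identity, which matches the empty binddn seen in the directory server's access log.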