pam_ldap issues
Thierry Lacoste
lacoste at miage.univ-paris12.fr
Tue Jul 3 21:46:01 UTC 2007
I have a very similar setting on 6.1
Maybe you have an ACL problem (see below).
What does the following command give?
ldapsearch -x -D "cn=testuser,ou=people,dc=interne,dc=example,dc=org" -W
> </usr/local/etc/ldap.conf>
> base dc=interne,dc=example,dc=org
> uri ldap://127.0.0.1:389/
>
> logdir /var/log/ldap
> #debug 256
>
> timeout 5
> bind_timeout 5
> bind_policy soft
>
> rootbinddn cn=Manager,dc=interne,dc=example,dc=org
BTW I think you can remove this one
>
> nss_base_passwd ou=people,dc=interne,dc=example,dc=org?one
> nss_base_group ou=groups,dc=interne,dc=example,dc=org?one
> </usr/local/etc/ldap.conf>
>
> </usr/local/etc/openldap/slapd.conf>
> include /usr/local/etc/openldap/schema/core.schema
> include /usr/local/etc/openldap/schema/cosine.schema
> include /usr/local/etc/openldap/schema/inetorgperson.schema
> include /usr/local/etc/openldap/schema/nis.schema
> include /usr/local/etc/openldap/schema/samba.schema
>
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
>
> modulepath /usr/local/libexec/openldap
> moduleload back_bdb
>
> access to dn.base=""
> by self write
> by * auth
>
> access to attrs=userPassword
> by self write
> by * auth
Replace this one with
by anonymous auth
>
> access to attrs=shadowLastChange
> by self write
> by * auth
>
> access to *
> by * read
> by anonymous auth
I think you should also remove all the other above lines containing auth.
>
> schemacheck on
> idletimeout 30
> backend bdb
> database bdb
>
> suffix "dc=interne, dc=example, dc=org"
> rootdn "cn=Manager, dc=interne, dc=example, dc=org"
>
> rootpw password
>
> checkpoint 1024 5
> cachesize 10000
>
> directory /var/db/openldap-data
>
> # Indices to maintain
> index objectClass eq
> index cn pres,sub,eq
> index sn pres,sub,eq
> index uid pres,sub,eq
> index displayName pres,sub,eq
> index uidNumber eq
> index gidNumber eq
> index memberUID eq
> index sambaSID eq
> index sambaPrimaryGroupSID eq
> index sambaDomainName eq
> index default sub
> </usr/local/etc/openldap/slapd.conf>
HTH,
Thierry.
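The access-control fragment with the changes suggested above applied, as an added illustration (this is not part of Thierry's message or of the original poster's slapd.conf); the DNs and attribute names are the ones from the quoted configuration, and granting read on shadowLastChange is an assumption made here so that pam_ldap can evaluate password ageing:

```conf
# slapd.conf ACL fragment (added example, not from the thread).
# OpenLDAP walks the "access to" clauses in order and stops at the first
# clause whose target matches; within a clause the first matching "by"
# line wins.  Attribute-specific clauses must therefore precede the
# catch-all "access to *", otherwise "by * read" would match first and
# the password clause would never be reached.

# Passwords: an entry may change its own.  The simple bind that pam_ldap
# performs as the user arrives on an unauthenticated connection, so
# "by anonymous auth" is all the bind needs; nobody can read the hash.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# No "auth" privilege is needed on shadowLastChange; "by self write"
# lets the user update it when changing the password, and read access
# (assumption) lets pam_ldap check password ageing.
access to attrs=shadowLastChange
        by self write
        by * read

# Everything nss_ldap needs (uid, uidNumber, gidNumber, memberUid, ...).
# This also covers the rootDSE (dn.base=""), so no separate clause with
# "auth" is required for it.  A trailing "by anonymous auth" after
# "by * read" is never reached, since "*" already matched.
access to *
        by * read
```

After restarting slapd, the `ldapsearch -x -D "cn=testuser,ou=people,dc=interne,dc=example,dc=org" -W` bind from the message should succeed; if it still fails, the userPassword clause is the first place to look.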