PAM-SSH-LDAP problem

Emiel van de Laar emiel at vandelaar.name
Fri Apr 17 22:32:37 UTC 2009


On Apr 17, 2009, at 11:04 PM, Panos wrote:

> Hello, I'm trying to set up an LDAP for authenticating users.
> I think that the LDAP server is ok
> but ssh gives me an error PAM authentication error illegal user XXX  
> from XXX.XXX.XXX.XXX
> I think that something is wrong when pam-ldap is querying LDAP.
> First I thought that it was an ACL problem, so I tried something like this  
> access * by * write
> full access to all, but nothing.
> When I'm using phpLDAPadmin to connect to LDAP I have no problem,

[snip]

> Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 fd=11 ACCEPT from  
> IP=127.0.0.1:51667 (IP=0.0.0.0:389)
> Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 BIND  
> dn="cn=manager,dc=something,dc=something,dc=something" method=128
> Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 BIND  
> dn="cn=manager,dc=something,dc=something,dc=something" mech=SIMPLE  
> ssf=0
> Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 RESULT tag=97 err=0  
> text=
> Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=1 SRCH  
> base="ou=users,dc=something,dc=something,dc=something" scope=2  
> deref=0 filter="(&(?objectClass=possixAccount)(uid=ldap_test))"
> Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=1 SEARCH RESULT  
> tag=101 err=0 nentries=0 text=value does not conform to assertion  
> syntax
> Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 fd=11 closed (connection  
> lost)

I suggest you have a look at the LDAP filter.

The log above shows:

(&(?objectClass=possixAccount)(uid=ldap_test))

While I expect something like:

(&(objectClass=possixAccount)(uid=ldap_test))

i.e. remove the '?'.

Regards,

  - Emiel
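
For readers triaging the same symptom, the following is an added example, not part of the original message: it scans slapd log text in the format quoted above, flags SRCH filters that contain a `?`-prefixed term, and pairs each with its SEARCH RESULT line by conn/op. The sample log lines (unwrapped, with a placeholder base DN) and the function name are constructed for illustration.

```python
import re

# Constructed sample in the slapd log format quoted in the thread (lines unwrapped).
SAMPLE_LOG = """\
Apr 18 00:01:05 host slapd[1336]: conn=0 op=1 SRCH base="ou=users,dc=example,dc=org" scope=2 deref=0 filter="(&(?objectClass=possixAccount)(uid=ldap_test))"
Apr 18 00:01:05 host slapd[1336]: conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=value does not conform to assertion syntax
Apr 18 00:02:10 host slapd[1336]: conn=1 op=1 SRCH base="ou=users,dc=example,dc=org" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=alice))"
Apr 18 00:02:10 host slapd[1336]: conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH .*?filter="(.*)"\s*$')
RESULT = re.compile(
    r'conn=(\d+) op=(\d+) SEARCH RESULT .*?err=(\d+) nentries=(\d+) text=(.*)$'
)
# A filter term logged with a leading '?', e.g. (?objectClass=possixAccount)
FLAGGED = re.compile(r'\(\?([^=()]*)=([^()]*)\)')


def find_suspect_searches(log_text):
    """Return one finding per search whose logged filter has a '?'-prefixed term."""
    pending = {}   # (conn, op) -> (filter, flagged terms) awaiting a result line
    findings = []
    for line in log_text.splitlines():
        m = SRCH.search(line)
        if m:
            terms = FLAGGED.findall(m.group(3))
            if terms:
                pending[(m.group(1), m.group(2))] = (m.group(3), terms)
            continue
        m = RESULT.search(line)
        if m and (m.group(1), m.group(2)) in pending:
            filt, terms = pending.pop((m.group(1), m.group(2)))
            findings.append({
                "conn": m.group(1), "op": m.group(2), "filter": filt,
                "terms": terms, "err": int(m.group(3)),
                "nentries": int(m.group(4)), "text": m.group(5).strip(),
            })
    # Searches whose result line never appeared (e.g. connection lost first).
    for (conn, op), (filt, terms) in pending.items():
        findings.append({"conn": conn, "op": op, "filter": filt,
                         "terms": terms, "err": None, "nentries": None, "text": ""})
    return findings


if __name__ == "__main__":
    for f in find_suspect_searches(SAMPLE_LOG):
        print(f["conn"], f["op"], f["terms"], f["nentries"], f["text"])
```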

