PAM-SSH-LDAP problem
Emiel van de Laar
emiel at vandelaar.name
Fri Apr 17 22:32:37 UTC 2009
On Apr 17, 2009, at 11:04 PM, Panos wrote:
> Hello, I'm trying to set up an LDAP for authenticating users.
> I think that the LDAP server is OK,
> but ssh gives me an error: PAM authentication error illegal user XXX
> from XXX.XXX.XXX.XXX
> I think that something is wrong when pam-ldap is querying LDAP.
> First I thought that it was an ACL problem, so I tried something like this
> access * by * write
> full access to all, but nothing.
> When I'm using phpLDAPadmin to connect to LDAP I have no problem,
[snip]
> Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 fd=11 ACCEPT from
> IP=127.0.0.1:51667 (IP=0.0.0.0:389)
> Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 BIND
> dn="cn=manager,dc=something,dc=something,dc=something" method=128
> Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 BIND
> dn="cn=manager,dc=something,dc=something,dc=something" mech=SIMPLE
> ssf=0
> Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 RESULT tag=97 err=0
> text=
> Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=1 SRCH
> base="ou=users,dc=something,dc=something,dc=something" scope=2
> deref=0 filter="(&(?objectClass=possixAccount)(uid=ldap_test))"
> Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=1 SEARCH RESULT
> tag=101 err=0 nentries=0 text=value does not conform to assertion
> syntax
> Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 fd=11 closed (connection
> lost)
I suggest you have a look at the LDAP filter.
The log above shows:
(&(?objectClass=possixAccount)(uid=ldap_test))
While I expect something like:
(&(objectClass=possixAccount)(uid=ldap_test))
i.e. remove the '?'.
Regards,
- Emiel
More information about the freebsd-questions mailing list