  1. #1

    Authenticate new users with LDAP


    I have a PC which authenticates against an OpenLDAP server. When I installed the LDAP server I imported the users of the PC. Now I am able to authenticate the imported users, but not the users created by LDAP Account Manager.
    I think that the user is right because I can do a search using this new user.

    The configuration of my client is:


    PORT 636

    TLS_CACERT /etc/ldap/ssl/cacert.pem
    TLS_REQCERT never


    passwd: ldap files
    group: ldap files
    shadow: ldap files

    hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
    networks: files

    protocols: db files
    services: db files
    ethers: db files
    rpc: db files

    netgroup: nis


    account sufficient
    account required
    session required skel=/etc/skel/ umask=0077


    auth sufficient
    auth required nullok_secure use_first_pass


    password sufficient
    password required nullok obscure min=4 max=8 md5


    session sufficient
    session required

    Client LOGS (auth.log)

    Nov 25 17:13:38 test sshd[2974]: Invalid user albert from
    Nov 25 17:13:38 test sshd[2974]: Failed none for invalid user aaaa from port 38940 ssh2
    Nov 25 17:13:41 test sshd[2974]: pam_ldap: error trying to bind as user "uid=albert,ou=People,dc=aba,dc=pc,dc=edu" (Invalid credentials)
    Nov 25 17:13:41 test sshd[2974]: (pam_unix) check pass; user unknown
    Nov 25 17:13:41 test sshd[2974]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
    Nov 25 17:13:43 test sshd[2974]: Failed password for invalid user aaaa from port 38940 ssh2

    Server LOGS

    conn=0 fd=15 ACCEPT from IP= (IP=
    conn=0 fd=15 TLS established tls_ssf=256 ssf=256
    conn=0 op=0 BIND dn="cn=admin,dc=aba,dc=pc,dc=edu" method=128
    conn=0 op=0 BIND dn="cn=admin,dc=aba,dc=pc,dc=edu" mech=SIMPLE ssf=0
    conn=0 op=0 RESULT tag=97 err=0 text=
    conn=0 op=1 SRCH base="dc=aba,dc=pc,dc=edu" scope=2 deref=0 filter="(uid=albert)"
    <= bdb_equality_candidates: (uid) not indexed
    conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
    conn=0 op=2 BIND anonymous mech=implicit ssf=0
    conn=0 op=2 BIND dn="uid=albert,ou=People,dc=aba,dc=pc,dc=edu" method=128
    slap_global_control: unrecognized control:
    conn=0 op=2 RESULT tag=97 err=49 text=
    conn=0 op=3 BIND dn="cn=admin,dc=aba,dc=pc,dc=edu" method=128
    conn=0 op=3 BIND dn="cn=admin,dc=aba,dc=pc,dc=edu" mech=SIMPLE ssf=0
    conn=0 op=3 RESULT tag=97 err=0 text=


  2. #2
    Extra information:

    I am able to do a search, from the Linux box that wants to do the Linux authentication, using the new user.

    ldapsearch -x -b 'dc=aba,dc=pc,dc=edu' -D "uid=albert,ou=People,dc=aba,dc=pc,dc=edu" -H ldaps:// -d 256 '(objectclass=*)' -W

    Any idea?
