0 Replies Latest reply: Apr 30, 2012 9:30 AM by 934094

    Configure pam.d to authenticate in LDAP OID.

    934094
      Good morning everyone,

      I have some problems configuring pam.d as an OID LDAP client.

      Release:

      cat /etc/redhat-release
      Red Hat Enterprise Linux Server release 6.2 (Santiago)

      cat /etc/openldap/ldap.conf
      URI ldap://10.51.4.130
      BASE dc=Medtec,dc=com
      TLS_CACERTDIR /etc/openldap/cacerts

      cat pam_ldap.conf
      uri ldap://10.51.4.130
      base dc=Medtec,dc=com
      binddn cn=BINDLINUX,ou=SPECIAL,cn=Users,dc=Medtec,dc=com
      bindpw medtest
      scope sub
      nss_base_passwd cn=Users,dc=Medtec,dc=com?sub
      nss_base_shadow cn=Users,dc=Medtec,dc=com?sub
      nss_base_group cn=Users,dc=Medtec,dc=com?sub
      nss_map_objectclass posixAccount user
      nss_map_objectclass shadowAccount user
      nss_map_objectclass posixGroup Group
      nss_map_attribute HomeDirectory unixHomeDirectory
      nss_map_attribute uniqueMember member
      nss_map_attribute shadowLastChange pwdLastSet
      pam_login_attribute uid
      pam_filter objectClass=person
      pam_password ad
      pam_member_attribute member



      cat nslcd.conf
      binddn cn=BINDLINUX,ou=SPECIAL,cn=Users,dc=Medtec,dc=com
      bindpw medtest
      scope sub
      base dc=Medtec,dc=com
      scope sub group
      scope sub hosts
      pagesize 1000
      referrals off
      passwd filter (& (objectClass=user) (! (objectClass=computer)) (uidNumber=*) (unixHomeDirectory=*))
      passwd map HomeDirectory unixHomeDirectory
      shadow filter (& (objectClass=user) (! (objectClass=computer)) (uidNumber=*) (unixHomeDirectory=*))
      shadow map shadowLastChange pwdLastSet
      group filter (objectClass=group)
      map group member uniqueMember
      uid nslcd
      gid ldap
      uri ldap://10.51.4.130/
      ssl on
      tls_cacertdir /etc/openldap/cacerts



      The problem (or not):

      In /var/log/messages: nslcd[14874]: [90cde7] ldap_result() failed: Server is unwilling to perform
      getent passwd doesn't show the LDAP users.


      Thanks,

      Thiago Anderson