PAM Authentication with LDAP on Debian Jessie Not Finding LDAP Users

Solution 1

When you run getent passwd, do you see your LDAP users listed? If not, make sure libnss-ldapd is installed, and run dpkg-reconfigure libnss-ldapd and make sure at least the passwd database is enabled (and you'll probably want group and shadow as well, sooner or later).

If getent passwd mentions your LDAP users but you can't auth as one, run pam-auth-update and make sure LDAP authentication is enabled and nslcd is running.

If nscd (or some variant such as unscd) is installed, I suggest stopping it while troubleshooting as it could return cached inaccurate data.

Information about what pam_ldap is up to is logged to /var/log/auth.log; information about what nslcd is up to is logged to /var/log/syslog; and on the slapd side, turning the log level up to stats will let you see the actual queries nslcd is issuing, whether they were successful, and the number of results returned.

Hope that helps!
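The checks from Solution 1 gathered into one script, as an added example that is not part of the original answer. The function names are hypothetical, and it assumes Debian's default paths (/etc/nsswitch.conf, /etc/pam.d/common-auth) and that libpam-ldapd's module is pam_ldap.so.

```shell
#!/bin/sh
# Added example (not from the original answer): its checks as functions.

# Print the sources listed for one database in an nsswitch.conf file.
nss_sources() {  # $1 = database (passwd, group, shadow), $2 = file
    sed -e 's/#.*//' -e 's/\[[^]]*]//g' -e 's/:/: /' "$2" |
        awk -v db="$1:" '$1 == db { $1 = ""; print }'
}

# Succeed when "ldap" is one of those sources.
nss_has_ldap() {
    for src in $(nss_sources "$1" "$2"); do
        if [ "$src" = ldap ]; then return 0; fi
    done
    return 1
}

# Succeed when an active auth line in a pam.d file loads pam_ldap.so.
pam_uses_ldap() {  # $1 = file, e.g. /etc/pam.d/common-auth
    grep -Eq '^[[:space:]]*auth[[:space:]].*pam_ldap\.so' "$1"
}

# Names in saved `getent passwd` output ($1) that are absent from the local
# passwd file ($2): accounts served by LDAP or another non-file source.
remote_users() {
    awk -F: 'NR == FNR { seen[$1] = 1; next } !($1 in seen) { print $1 }' "$2" "$1"
}

# Print one line per check; $1 is a root prefix ("" for the live system).
ldap_login_report() {
    for db in passwd group shadow; do
        if nss_has_ldap "$db" "$1/etc/nsswitch.conf"
        then echo "nss $db: ldap enabled"
        else echo "nss $db: ldap missing, run dpkg-reconfigure libnss-ldapd"; fi
    done
    if pam_uses_ldap "$1/etc/pam.d/common-auth"
    then echo "pam auth: pam_ldap enabled"
    else echo "pam auth: pam_ldap missing, run pam-auth-update"; fi
}

# "--live" inspects this host, including the daemons the answer mentions.
if [ "${1:-}" = "--live" ]; then
    ldap_login_report ""
    if pgrep -x nslcd >/dev/null; then echo "nslcd: running"; else echo "nslcd: NOT running"; fi
    if pgrep -x nscd >/dev/null; then echo "nscd: running, stop it while testing"; fi
    out=$(mktemp) && getent passwd >"$out"
    echo "non-local users: $(remote_users "$out" /etc/passwd | tr '\n' ' ')"
    rm -f "$out"
fi
```

Run it as root with `--live` on the affected host; an empty "non-local users" line means NSS is returning only the accounts in /etc/passwd.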

Solution 2

If you want to use an existing working OpenLDAP server on your network under Debian Jessie, then you should be using the following packages:

libnss-ldap 
libpam-ldap

rather than

libnss-ldapd
libpam-ldapd

Author: Tohuw

Updated on September 18, 2022

Comments

  • Tohuw almost 2 years

    Debian Jessie (specifically, Debian Server Wheezy x64 with testing repos)

    OpenLDAP 2.4.39

    libpam-ldapd 0.9.4-1

    Upon installing libpam-ldapd, the dpkg configuration asked for my LDAP address information (ldapi:\\localhost) and correctly detected my server base.

    I've tried to follow the Debian Wiki articles, but there are references to files that do not exist and scant information to indicate how I might be sure LDAP is being consulted.

    I have OpenLDAP configured and the inetorgperson and NIS schemas loaded. The users ought to have all the correct attributes. Right now, I'm just trying to determine if LDAP is even being consulted, because it seems it isn't.