Hi all,
I have been trying to integrate pam_ldap on my CentOS machine. I
installed the pam_ldap package through yum.
/lib64/security/pam_ldap.so is present.
I made the necessary changes in the /etc/pam.d/login, sshd and passwd files
to first look into the shadow file, then fall back to LDAP. I'm able
to authenticate the users whose password is in the shadow file. But when
I try to authenticate a user whose information is stored in LDAP,
it fails, complaining that "pam_ldap: error trying to bind
(Invalid credentials)".
I have also tried the ldapsearch command-line utility of LDAP;
there the same DN, user and password work and I can successfully
connect to the LDAP server.
I have made the necessary changes in /etc/ldap.conf:
# this file must be world readable (0644)
BASE DC=my,DC=example,DC=com
# FQDN of the LDAP server
#HOST XXX.XXX.XXX.XXX
# encryption used for storing passwords
#pam_crypt
#ldap_version 3
# bindpw is only needed if you want to allow root to change entries on
# this host.
# it's also better to keep the password in /etc/ldap.secret (0600) instead
#bindpw {crypt}4rKJLSLewr
#base DC=my,DC=example,DC=com
uri ldap://newldap.my.example.com
binddn CN=santhosh,OU=Service Accounts,OU=Enterprise Services,DC=my,DC=example,DC=com
bindpw santhosh123
#{md5}ea7bb3f922e875d6efc3a3fbbbada590
port 389
timelimit 120
bind_timelimit 30
bind_policy soft
idle_timelimit 3600
pam_password crypt
ssl no
scope LDAP_SCOPE_BASE
# this one is to allow root to change entries
# it will require bindpw or password in /etc/ldap.secret
#rootbinddn cn=root,dc=example,dc=com
#rootbinddn CN=santhosh,OU=Service Accounts,OU=Enterprise Services,DC=my,DC=example,DC=com
# this for group access
nss_base_passwd DC=my,DC=example,DC=com
nss_base_shadow DC=my,DC=example,DC=com
nss_base_group OU=Service Accounts,OU=Enterprise Services,DC=my,DC=example,dc=com
nss_reconnect_tries 60
pam_filter objectclass=posixAccount
pam_login_attribute uid
# OpenLDAP SSL options
# Require and verify server certificate (yes/no)
# TBD: where to put this certificate anyway?
Does anyone have expertise on this? I'd appreciate it if anyone can help.
Thanks,
Santhosh
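
A credential-exposure check for the kind of /etc/ldap.conf shown in the post above, as an added example that is not part of the original message: it flags a bindpw kept in a world-readable file (the file's own comments recommend /etc/ldap.secret with mode 0600) and binds sent over plain ldap:// with ssl no. The function names and the sample text are constructed for illustration.

```python
import stat

# Constructed sample that mirrors the directives in the posted file;
# the password value is a placeholder.
SAMPLE = """\
# this file must be world readable (0644)
uri ldap://newldap.my.example.com
binddn CN=santhosh,OU=Service Accounts,DC=my,DC=example,DC=com
bindpw not-a-real-password
#bindpw {crypt}placeholder
port 389
ssl no
"""

# ssl values treated here as "traffic is encrypted"
ENCRYPTED_SSL = {"on", "yes", "true", "start_tls"}


def parse_directives(text):
    """Return {keyword: value} for active (uncommented) lines."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # keyword, then the rest (may hold spaces)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def audit(text, mode=0o644):
    """List credential-exposure findings for an ldap.conf body and file mode."""
    conf = parse_directives(text)
    findings = []
    # The file is documented as world readable, so any bindpw in it is too.
    if "bindpw" in conf and mode & stat.S_IROTH:
        findings.append("bindpw is stored in a world-readable file; "
                        "move it to a 0600 secret file")
    uri = conf.get("uri", "").lower()
    ssl = conf.get("ssl", "no").lower()
    # ldap:// without StartTLS sends simple-bind passwords in cleartext.
    if uri.startswith("ldap://") and ssl not in ENCRYPTED_SSL:
        findings.append("binds go over unencrypted LDAP (uri %s, ssl %s)"
                        % (uri, ssl))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARNING:", finding)
```

To check a real file, pass its contents and `os.stat(path).st_mode` to `audit()`.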