Review your favorite Linux distribution.
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 07-29-2003, 06:11 AM   #1
Registered: Jul 2003
Location: Roodepoort South Africa
Distribution: Redhat / Suse
Posts: 39

Rep: Reputation: 15
pam and ldap authentication problem

Hi am trying to validate a user against a ldap directory with a small pam
enabled application.

If I use "" in the pam config file for the app
the users authenticates fine.On the other hand if I use
"" the authentication fails.

The pam log file records :

pam_ldap: error trying to bind as user "uid=abrb220,ou=People,dc=ldap268"
(Insufficient access)

I think I have set up the ldap directory correctly but are really unsure
about how to put the passwords in.
Here is a the entry of a user in the ldif file used to add it.


dn: uid=abrb220,ou=People,dc=ldap268
uid: abrb220
cn: Rodney
sn: Rodney
objectClass: inetLocalMailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: account
objectClass: posixAccount
objectClass: top
userPassword: {crypt}x
loginShell: /bin/bash
uidNumber: 500
gidNumber: 500
homeDirectory: /home/abrb220
gecos: Rodney


The other config files :

/etc/ldap.conf :

# Your LDAP server. Must be resolvable without using LDAP.

# The distinguished name of the search base.
BASE dc=ldap268

pam_login_attribute uid
ldap_version 3
rootbinddn cn=admin,dc=ldap268



include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/misc.schema

database ldbm
suffix "dc=ldap268"
rootdn "cn=admin, dc=ldap268"
rootpw {MD5}X03MO1qnZdYdgyfeuILPmQ==
#rootpw secret
directory /var/lib/ldap
loglevel 296
password-hash {md5}

access to * by *

The apps pam file in /etc/pam.d :

auth required
auth required


Old 10-08-2003, 06:01 AM   #2
LQ Newbie
Registered: Oct 2003
Posts: 1

Rep: Reputation: 0
edit your pam.d-files


first try the following command to verify you can potentially access your server: ldapsearch -x -b "dc=ldap268" "(objectclass=*)"
If you see some output, i.e. your directory-objects the client to server connection is ok. What concerns me more is you pam.conf file. Does it really look like this or are that only the first two lines? You have to edit it in any case if you want to login:
* forget pam.conf, there hasn't to be anything in it
* your pam_ldap.conf should at least consist of these lines:

base dc=ldap268
uri ldap://[YOUR SERVERS IP]/
ldap_version 3
scope sub
timelimit 30
pam_login_attribute uid
pam_member_attribute memberUid
pam_password exop

more information about that syntax at

To successfully login edit the files in /etc/pam.d (example passwd) like this

password sufficient obscure min=4
password required nullok obscure min=4

you should now be able to login at the console.

If you don't know how to create passwords by hand:
perl -e 'print crypt('YOUR_PASS','TWO_CHARACTER_SALT'),"\n"'

cut and paste it like {crypt}YOUR_PASS_HASH into your ldif.
Old 07-31-2005, 03:49 PM   #3
Registered: Mar 2003
Location: Colorado
Distribution: Fedora Core 4
Posts: 297

Rep: Reputation: 30
Did this fix the problem?

Just wondering, I am having the same problem authenticating with Fedora Directory Server.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
pam ldap limit authentication hassan2 SUSE / openSUSE 0 08-01-2005 06:03 PM
PAM/Kerberos authentication problem hmartin216 Linux - Security 2 03-11-2005 09:28 PM
ldap authentication problem fitz9948 Linux - Networking 0 10-26-2004 02:44 PM
Failing to log into ssh via ldap auth. Pam Problem? cehlers Linux - Security 1 10-10-2004 07:55 AM
Squid PAM authentication and LDAP redmat Linux - Newbie 1 09-03-2004 07:22 PM

All times are GMT -5. The time now is 05:00 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration