Hi... I'm new to LDAP configuration and I'm trying to get my Debian 8 server to bind with an Apply Open Directory. This is how far I've gotten:
1. Apple Open Directory is up and running on a OS X Server.
2. I have been able to bind a OS X client (iMac) to Open Directory and verified Open Directory is working.
3. On my Debian server, I've installed:
libpam-ldap, libnss-ldap, nscd
4. I also configured ldap/pam following the wizard (after the install).
5. I've added a user in Open Directory (from the OS X Server console).
6. I'm able to login to the iMac using that new user.
7. When I try to login (ssh) to my Debian server using that same user, I get "Access Denied" and this shows up in log:
pam_ldap: error trying to bind as user "uid=hs3,cn=users,dc=elcapitan,dc=local" (Insufficient access)
8. I can search Open Directory from my Debian server:
ldapsearch -x -H ldap://192.168.40.231 -b "dc=elcapitan,dc=local"
And that user shows this entry:
# hs3, users, elcapitan.local
dn: uid=hs3,cn=users,dc=elcapitan,dc=local
sn: hs3
uid: hs3
uidNumber: 1001
gidNumber: 20
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: top
objectClass: extensibleObject
objectClass: apple-user
apple-user-homequota: 0
cn: hs3
authAuthority: ;ApplePasswordServer;XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX,1024 65
537 1043973113969844210822866462421905255494718861439100342247659253785500261
67178295328777019465874243321328143673136356147129340235629013957497365701071
24181617209159032857300415975051894080397037127496721865418164251623512544082
22071883079756098531923404451060145847949045633054098244579507043473383470261
82151
root@elcapitan.local:192.168.40.231
authAuthority: ;Kerberosv5;;hs3@ELCAPITAN.LOCAL;ELCAPITAN.LOCAL;
altSecurityIdentities: Kerberos:hs3@ELCAPITAN.LOCAL
apple-generateduid: B936F654-19C9-4D38-9F2B-DA9D5B4BE7C2
homeDirectory: /Users/hs3
loginShell: /bin/bash
Please help. I've been banging my head on this for the last 2 days.