Besides ldap.conf, you also need to configure pam:
I haven't got to configuring pam yet, but just ldap.conf+nsswitch.conf should work just to get user information, either using something like "finger user" or "getent passwd".
LDAP user information without pam_ldap is useful, for instance, if I'm going to do authentication through Kerberos or just need the user information to be able to use Samba in an Active Directory domain without using winbind (to maintain uid/gid consistency through Samba and NFS).
But thanks anyway, I also wasn't sure how to configure pam_ldap, although I'm not there yet.
Carlos Rodrigues
    apt-get install libpam-ldap -y
    apt-get install libnss-ldap -y
    apt-get install libpam-cracklib -y
Note: libpam-cracklib is not required for LDAP (it just enforces strong passwords)
The following config files work, but you can change them to suit your needs:
/etc/pam.d/common-auth:
    auth sufficient pam_ldap.so
    auth required pam_unix.so use_first_pass

/etc/pam.d/common-account:
    account sufficient pam_ldap.so
    account required pam_unix.so

/etc/pam.d/common-password:
    password required pam_cracklib.so retry=3 minlen=6 difok=3
    password sufficient pam_ldap.so use_authtok try_first_pass
    password required pam_unix.so use_authtok try_first_pass md5
Also, if you intend to change user passwords with passwd via libpam-ldap, you will need to patch pam_ldap.so: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=284104
Good luck!
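The following is an added example, not part of the original messages: a simplified Python model of how Linux-PAM walks the common-auth and common-account stacks quoted above, showing which modules are actually consulted for each outcome. The function names `parse_stack` and `evaluate` are hypothetical, and only the simple control keywords are modelled.

```python
# Added example: simplified model of Linux-PAM's simple control keywords.
# Bracket syntax ([success=ok ...]), include and substack are not modelled.
COMMON_AUTH = """\
auth sufficient pam_ldap.so
auth required pam_unix.so use_first_pass
"""
COMMON_ACCOUNT = """\
account sufficient pam_ldap.so
account required pam_unix.so
"""

def parse_stack(text):
    """Return [(type, control, module, args)] for each non-comment line."""
    stack = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        mtype, control, module, *args = line.split()
        stack.append((mtype, control, module, args))
    return stack

def evaluate(stack, outcomes):
    """outcomes maps module name -> True (success) / False (failure).
    Returns (granted, modules_called_in_order)."""
    called, failed, succeeded = [], False, False
    for _type, control, module, _args in stack:
        called.append(module)
        ok = outcomes[module]
        if control == "sufficient":
            if ok and not failed:
                return True, called      # stop here; later modules never run
        elif control == "requisite":
            if not ok:
                return False, called     # fail immediately
            succeeded = True
        elif control == "required":
            if ok:
                succeeded = True
            else:
                failed = True            # remembered, but the stack keeps running
        elif control == "optional":
            succeeded = succeeded or ok
        else:
            raise ValueError(f"unsupported control: {control}")
    return (succeeded and not failed), called
```

With these stacks, a success from pam_ldap.so ends evaluation before pam_unix.so is called, so any check that pam_unix.so would perform in the account stack is not applied in that case.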