* Mullins, Ron <[EMAIL PROTECTED]> [010405 17:09]:
> Seriously, has no one set up the libpam-ldap in Debian?
>
> Just some working config files to enlighten me as to the little thing I
> haven't gotten right would be splendid. You don't have to talk to me, you
> don't have to be my friend...I won't come to your house and drink your beer
> if you respond. Promise.
> dd

Required packages: openldap libpam-ldap libnss-ldap libpam-cracklib nscd

/etc/libnss-ldap.conf:
===================================================
host funguz
base o=Something, c=NL
===================================================

/etc/pam_ldap.conf:
===================================================
host funguz
base o=Something, c=NL

# Use the V3 protocol to optimize searches
ldap_version 2

# Filter to AND with uid=%s
pam_filter objectclass=account

# The user ID attribute (defaults to uid)
pam_login_attribute uid

#Group to enforce membership of
#pam_groupdn cn=PAM,ou=Groups,dc=example,dc=net

# Group member attribute
#pam_member_attribute uniquemember

# Hash password locally; required for University of
# Michigan LDAP server, and works with Netscape
# Directory Server if you're using the UNIX-Crypt
# hash mechanism and not using the NT Synchronization
# service.
pam_crypt local
===================================================

/etc/pam.d/other:
===================================================
auth      sufficient  pam_unix.so
auth      required    pam_ldap.so use_first_pass
account   sufficient  pam_unix.so
account   required    pam_ldap.so
password  sufficient  pam_unix.so
password  required    pam_ldap.so try_first_pass
session   required    pam_unix.so
===================================================

You should modify all the files in /etc/pam.d/ like my /etc/pam.d/other.

Other example:

/etc/pam.d/login:
===================================================
auth      requisite   pam_securetty.so
auth      required    pam_nologin.so
auth      required    pam_env.so
auth      sufficient  pam_unix.so nullok
auth      required    pam_ldap.so use_first_pass
account   sufficient  pam_unix.so
account   required    pam_ldap.so
session   required    pam_unix.so
session   optional    pam_lastlog.so
session   optional    pam_motd.so
session   optional    pam_mail.so standard noenv
password  required    pam_cracklib.so retry=3 minlen=6 difok=3
password  sufficient  pam_unix.so use_authtok nullok md5 shadow
password  required    pam_ldap.so try_first_pass
===================================================

Well, one other word to say: improvise!

Good luck!

CBL.
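
Added example, not part of the original message: a simplified Python model of how the "sufficient" / "required" / "requisite" control flags in the stacks above decide the outcome, useful for checking an edited /etc/pam.d/ file before logging out. It assumes only the classic control keywords, ignores "optional" results, and takes module outcomes as constructed inputs rather than calling PAM.

```python
# Simplified model of the Linux-PAM control flags used in the posted files.
# Assumption: classic keywords only; results of 'optional' modules are ignored.

OTHER = """\
auth     sufficient pam_unix.so
auth     required   pam_ldap.so use_first_pass
account  sufficient pam_unix.so
account  required   pam_ldap.so
"""  # auth/account lines of the /etc/pam.d/other example in the message

LOGIN = """\
auth requisite  pam_securetty.so
auth required   pam_nologin.so
auth required   pam_env.so
auth sufficient pam_unix.so nullok
auth required   pam_ldap.so use_first_pass
"""  # auth lines of the /etc/pam.d/login example in the message

def parse_stack(text, group):
    """Return [(control, module)] for one management group (auth, account, ...)."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == group:
            stack.append((fields[1], fields[2]))
    return stack

def evaluate(stack, results):
    """results: module -> True/False (constructed outcomes, no real PAM calls).
    Returns (granted, list of modules that were consulted)."""
    failed, succeeded, consulted = False, False, []
    for control, module in stack:
        ok = results.get(module, False)
        consulted.append(module)
        if control == "requisite" and not ok:
            return False, consulted        # fail at once, rest of stack skipped
        if control == "sufficient":
            if ok and not failed:
                return True, consulted     # short-circuit: pam_ldap never runs
            continue                       # failure (or late success) is ignored
        if control in ("required", "requisite"):
            failed = failed or not ok
            succeeded = succeeded or ok
    return succeeded and not failed, consulted

if __name__ == "__main__":
    auth = parse_stack(OTHER, "auth")
    print(evaluate(auth, {"pam_unix.so": True}))                        # local account
    print(evaluate(auth, {"pam_unix.so": False, "pam_ldap.so": True}))  # LDAP account
```

With these stacks a local account is accepted by pam_unix.so alone and the directory is never asked, while an account that exists only in LDAP falls through to pam_ldap.so, which reuses the typed password because of use_first_pass.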