On Fri, Jun 24, 2005 at 04:28:42PM +0100, Billy Allan wrote: > However.... ;-) I'm trying to get a Linux client (SuSe 9.2) to > authenticate against the directory, but keep seeing : > > Jun 24 16:35:33 xxxxxxxx sshd[780]: pam_ldap: ldap_search_s No such object > Jun 24 16:35:33 xxxxxxxx sshd[775]: error: PAM: User not known to the > underlying authentication module for illegal user testeroo from xxxxxxxx A "no such object" error suggests that the base DN for the search is either not there or inaccessible to the client. > I can search the directory from the client (I can get Thunderbird to use > it as the addressbook for instance). I guess that rules out the "object isn't there" theory. Are your Thunderbird users authenticating to the directory? The pam_ldap module needs to convert the user name to the distinguished name of an entry in the directory server before it can attempt to bind to that entry with the user's password, so you need to provide the ability to locate an entry using its "uid" attribute in order for things to work. HTH, Nalin
