Steven Jones wrote:
> 8><----
>
> I would start with the Fedora DS access log. See if ssh is making a
> connection to Fedora DS, if so, see what types of operations are being
> sent, and the responses to those operations. For searches, see what the
> base DN, filter, and attributes being requested are.
>
> This helped.....the ldapsearch was being logged but the pam search was
> not so....
>
> I blew away /etc/ldap.conf and sym linked it to /etc/openldap/ldap.conf,
> then blindly added these lines to its somewhat short form,
>
> =======
> scope sub
> suffix "dc=vuw,dc=ac,dc=nz"
> #TLS_CACERTDIR /etc/openldap/cacerts
> pam_password exop
> ldap_version 3
> pam_filter objectclass=posixAccount
> pam_login_attribute uid
> pam_member_attribute memberuid
> nss_base_passwd ou=Computers,dc=cognifide,dc=pl
> nss_base_passwd ou=People,dc=cognifide,dc=pl
> nss_base_shadow ou=People,dc=cognifide,dc=pl
> nss_base_group ou=Group,dc=cognifide,dc=pl
> nss_base_hosts ou=Hosts,dc=cognifide,dc=pl
> ===========
>
> The log now shows,
>
> 8><-----
> PosixAccount)(uid=root))" attrs=ALL
> [11/Sep/2007:10:01:01 +1200] conn=200 op=2 RESULT err=32 tag=101
> nentries=0 etime=0
> [11/Sep/2007:10:01:01 +1200] conn=200 op=2 RESULT err=32 tag=101
> nentries=0 etime=0
> [11/Sep/2007:10:01:01 +1200] conn=200 op=3 SRCH
> base="ou=Group,dc=cognifide,dc=pl" scope=2
> filter="(&(objectClass=posixGroup)(memberUid=root))" attrs="gidNumber"
> [11/Sep/2007:10:01:01 +1200] conn=200 op=3 RESULT err=32 tag=101
> nentries=0 etime=0
> [11/Sep/2007:10:01:01 +1200] conn=200 op=3 RESULT err=32 tag=101
> nentries=0 etime=0
> [11/Sep/2007:10:01:01 +1200] conn=200 op=-1 fd=67 closed error 104
> (Connection reset by peer) - TCP connection reset by peer.
>
> So pam is now actually querying the LDAP server it seems, it is not
> getting it right but it's a small step.

err=32 means no such object. That is, ou=Group,dc=cognifide,dc=pl does
not exist.

In your file above, you have suffix "dc=vuw,dc=ac,dc=nz"

Do you have ou=Groups,dc=vuw,dc=ac,dc=nz ?

> I would seem to need to do some config around this area,
>
> #
> # LDAP Defaults
> #
>
> # See ldap.conf(5) for details
> # This file should be world readable but not world writable.
>
> #BASE dc=example, dc=com
> #URI ldap://ldap.example.com ldap://ldap-master.example.com:666
>
> #SIZELIMIT 12
> #TIMELIMIT 15
> #DEREF never
> HOST 130.195.87.249
> BASE dc=vuw,dc=ac,dc=nz
> ssl no
> scope sub
> suffix "dc=vuw,dc=ac,dc=nz"
> #TLS_CACERTDIR /etc/openldap/cacerts
> pam_password exop
> ldap_version 3
> pam_filter objectclass=posixAccount
> pam_login_attribute uid
> pam_member_attribute memberuid
> nss_base_passwd ou=Computers,dc=cognifide,dc=pl
> nss_base_passwd ou=People,dc=cognifide,dc=pl
> nss_base_shadow ou=People,dc=cognifide,dc=pl
> nss_base_group ou=Group,dc=cognifide,dc=pl
> nss_base_hosts ou=Hosts,dc=cognifide,dc=pl
>
> As I still get no reply/successful login.
>
> Regards
>
> Steven
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
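The diagnosis in the reply rests on two things a reader can automate: correlating each SRCH line in the Fedora DS access log with its RESULT line (same conn and op) to see which search base returned err=32, and checking that every nss_base_* search base in ldap.conf actually sits under the configured suffix/BASE. The script below is an added example written for this archive page, not code from the thread or from the 389/Fedora DS project. The log lines and the ldap.conf fragment embedded in it are constructed to mirror the values quoted above; the handling of an optional "?scope" tail on nss_base_* values follows the nss_ldap ldap.conf syntax.

```python
"""Correlate 389/Fedora DS access-log SRCH/RESULT pairs and cross-check
ldap.conf search bases against the configured suffix.

Added example for the mailing-list thread above; sample data is constructed.
"""
import re
from collections import OrderedDict

# Constructed sample log: one failing group lookup (err=32), one successful
# passwd lookup, and a connection-close line that carries no search.
SAMPLE_LOG = """\
[11/Sep/2007:10:01:01 +1200] conn=200 op=3 SRCH base="ou=Group,dc=cognifide,dc=pl" scope=2 filter="(&(objectClass=posixGroup)(memberUid=root))" attrs="gidNumber"
[11/Sep/2007:10:01:01 +1200] conn=200 op=3 RESULT err=32 tag=101 nentries=0 etime=0
[11/Sep/2007:10:01:01 +1200] conn=200 op=3 RESULT err=32 tag=101 nentries=0 etime=0
[11/Sep/2007:10:01:02 +1200] conn=201 op=1 SRCH base="ou=People,dc=vuw,dc=ac,dc=nz" scope=2 filter="(&(objectClass=posixAccount)(uid=root))" attrs=ALL
[11/Sep/2007:10:01:02 +1200] conn=201 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[11/Sep/2007:10:01:03 +1200] conn=200 op=-1 fd=67 closed error 104 (Connection reset by peer) - TCP connection reset by peer.
"""

# Constructed ldap.conf fragment with the same suffix/base mismatch as the thread.
SAMPLE_CONF = """\
BASE dc=vuw,dc=ac,dc=nz
suffix "dc=vuw,dc=ac,dc=nz"
nss_base_passwd ou=People,dc=cognifide,dc=pl
nss_base_shadow ou=People,dc=cognifide,dc=pl?one
nss_base_group ou=Group,dc=cognifide,dc=pl
pam_filter objectclass=posixAccount
"""

SRCH_RE = re.compile(r'\] conn=(\d+) op=(-?\d+) SRCH base="([^"]*)" scope=(\d) filter="([^"]*)"')
RESULT_RE = re.compile(r'\] conn=(\d+) op=(-?\d+) RESULT err=(\d+) .*nentries=(\d+)')

def parse_access_log(text):
    """Join SRCH and RESULT lines on (conn, op); return one record per search.
    A repeated RESULT for an op already closed (as in the thread's log) is ignored."""
    pending, done = OrderedDict(), []
    for line in text.splitlines():
        m = SRCH_RE.search(line)
        if m:
            conn, op, base, scope, flt = m.groups()
            pending[(conn, op)] = {"conn": int(conn), "op": int(op), "base": base,
                                   "scope": int(scope), "filter": flt,
                                   "err": None, "nentries": None}
            continue
        m = RESULT_RE.search(line)
        if m:
            conn, op, err, nentries = m.groups()
            rec = pending.pop((conn, op), None)
            if rec is not None:
                rec["err"], rec["nentries"] = int(err), int(nentries)
                done.append(rec)
    return done

def failed_searches(records, err=32):
    """Searches that ended with the given LDAP result code (32 = noSuchObject)."""
    return [r for r in records if r["err"] == err]

def normalize_dn(dn):
    """Strip quotes, drop an nss_ldap '?scope' tail, trim RDN spacing, lower-case."""
    dn = dn.strip().strip('"').split("?")[0]
    return ",".join(part.strip() for part in dn.split(",")).lower()

def parse_ldap_conf(text):
    """Return (suffix, {directive: [dn, ...]}); BASE and suffix both set the suffix."""
    suffix, bases = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        key = key.lower()
        if key in ("base", "suffix"):
            suffix = normalize_dn(value)          # last one in file order wins
        elif key.startswith("nss_base_"):
            bases.setdefault(key, []).append(normalize_dn(value))
    return suffix, bases

def bases_outside_suffix(suffix, bases):
    """Every (directive, dn) whose search base is not the suffix or beneath it."""
    return [(d, dn) for d, dns in bases.items() for dn in dns
            if not (dn == suffix or dn.endswith("," + suffix))]

if __name__ == "__main__":
    for r in failed_searches(parse_access_log(SAMPLE_LOG)):
        print(f"conn={r['conn']} op={r['op']} err=32 base={r['base']} filter={r['filter']}")
    suffix, bases = parse_ldap_conf(SAMPLE_CONF)
    for directive, dn in bases_outside_suffix(suffix, bases):
        print(f"{directive} {dn} is not under suffix {suffix}")
```

Run against a real access log and ldap.conf by replacing the two sample strings with file contents; every err=32 base the first report prints should appear in the second report, which is exactly the mismatch the reply points at.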