Hi, Here?s how my PAM PTA looks like. But id on;t think it is of much use. dn: cn=PAM Pass Through Auth,cn=plugins,cn=config nsslapd-pluginEnabled: on pamSecure: FALSE pamExcludeSuffix: o=NetscapeRoot pamExcludeSuffix: cn=config I don?t think the PTA will work against some other attribute which has same value as ?uid?. You may have to hack the filters under the hood to be able to achieve that. My first guess: If you use PAM-PTA, you still need some PAM module to specify the stack to be used for PTA. So you need ?ldapserver01? file enabled and there you define the translation of uid attribute to new attribute. I don?t know if this is do-able. Can you post some logs, which will tell where the block is. How are you specifying the master ldap server(server to authenticate)? -Prashanth ---------------------------- Hey thanks man. I have PAM PTA with krb working fine as well.. However..I am trying to pass through to another LDAP server, how can i go about doing that? The base of the tree on the other LDAP server is different i want to use it to authenticate the accounts. The other tree has the equivalent of the uid attribute in a different attribute. I think my service file (ldapserver) is off. Anyone have PAM PTA to another LDAP server working? An example perhaps? I am getting operations errors trying to use PAM PTA. I know the passwords are correct so I am doing something incorrectly. pam_passthru-plugin - => pam_passthru_bindpreop pam_passthru-plugin - pam msg [0] = 1 Password: pam_passthru-plugin - Error from PAM during pam_authenticate (6: Permission denied) pam_passthru-plugin - Unknown PAM error [Permission denied] for user id [test_user], bind DN [uid=test_user,dc=example,dc=com] pam_passthru-plugin - <= handled (error 1 - Operations error) Thanks again -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20100326/eae1907e/attachment.html
