Hi,
Here's what my PAM PTA looks like. But I don't think it is of much use.

dn: cn=PAM Pass Through Auth,cn=plugins,cn=config
nsslapd-pluginEnabled: on
pamSecure: FALSE
pamExcludeSuffix: o=NetscapeRoot
pamExcludeSuffix: cn=config

I don't think the PTA will work against some other attribute which has the same
value as 'uid'. You may have to hack the filters under the hood to be able
to achieve that.
My first guess:
If you use PAM-PTA, you still need some PAM module to specify the stack to
be used for PTA. So you need the 'ldapserver01' file enabled, and there you
define the translation of the uid attribute to the new attribute. I don't know if
this is doable.
Can you post some logs, which will tell where the block is? How are you
specifying the master LDAP server (the server to authenticate against)?
-Prashanth
----------------------------
Hey thanks man.
I have PAM PTA with krb working fine as well.
However, I am trying to pass through to another LDAP server. How can I
go about doing that? The base of the tree on the other LDAP server is
different; I want to use it to authenticate the accounts. The other
tree has the equivalent of the uid attribute in a different attribute.
I think my service file (ldapserver) is off. Does anyone have PAM PTA to
another LDAP server working? An example, perhaps?
I am getting operations errors trying to use PAM PTA. I know the
passwords are correct, so I am doing something incorrectly.

pam_passthru-plugin - => pam_passthru_bindpreop
pam_passthru-plugin - pam msg [0] = 1 Password:
pam_passthru-plugin - Error from PAM during pam_authenticate (6: Permission denied)
pam_passthru-plugin - Unknown PAM error [Permission denied] for user id [test_user], bind DN [uid=test_user,dc=example,dc=com]
pam_passthru-plugin - <= handled (error 1 - Operations error)

Thanks again
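
Added example, not part of either post and not the plugin's own code: a small Python triage helper that groups the pam_passthru-plugin lines quoted above into one record per bind and names the PAM return code. The function name and the code table are assumptions of this example; the table uses Linux-PAM numbering.

```python
import re

# Linux-PAM return codes (assumption: the directory server runs on
# Linux-PAM; other PAM implementations number them differently).
PAM_CODES = {3: "PAM_SERVICE_ERR", 4: "PAM_SYSTEM_ERR", 6: "PAM_PERM_DENIED",
             7: "PAM_AUTH_ERR", 9: "PAM_AUTHINFO_UNAVAIL",
             10: "PAM_USER_UNKNOWN", 11: "PAM_MAXTRIES", 13: "PAM_ACCT_EXPIRED"}
PREFIX = "pam_passthru-plugin - "
RE_PAM = re.compile(r"Error from PAM during (\w+) \((\d+): ([^)]*)\)")
RE_USER = re.compile(r"for user id \[([^\]]*)\], bind DN \[([^\]]*)\]")
RE_END = re.compile(r"<= handled \(error (\d+) - ([^)]*)\)")

# Log lines from the post above, with the e-mail line wraps rejoined.
SAMPLE_LOG = """\
pam_passthru-plugin - => pam_passthru_bindpreop
pam_passthru-plugin - pam msg [0] = 1 Password:
pam_passthru-plugin - Error from PAM during pam_authenticate (6: Permission denied)
pam_passthru-plugin - Unknown PAM error [Permission denied] for user id [test_user], bind DN [uid=test_user,dc=example,dc=com]
pam_passthru-plugin - <= handled (error 1 - Operations error)
"""

def parse_binds(log_text):
    """Return one dict per bind attempt. Assumes binds are not interleaved;
    on a busy server, concurrent operations would need a connection key."""
    binds, cur = [], None
    for line in log_text.splitlines():
        if PREFIX not in line:
            continue  # other plugins, access-log noise
        msg = line.split(PREFIX, 1)[1]  # tolerates a timestamp before the prefix
        if msg.startswith("=> pam_passthru_bindpreop"):
            cur = {}
        elif cur is None:
            continue  # log excerpt started in the middle of a bind
        elif m := RE_PAM.search(msg):
            code = int(m.group(2))
            cur.update(pam_call=m.group(1), pam_code=code,
                       pam_name=PAM_CODES.get(code, "UNKNOWN"))
        elif m := RE_USER.search(msg):
            # Identity handed to PAM vs. the DN the client bound with.
            cur.update(pam_user=m.group(1), bind_dn=m.group(2))
        elif m := RE_END.search(msg):
            cur.update(ldap_code=int(m.group(1)), ldap_text=m.group(2))
            binds.append(cur)
            cur = None
    return binds

if __name__ == "__main__":
    for b in parse_binds(SAMPLE_LOG):
        print(b)
```

The `pam_user` field records the identity the plugin passed to the PAM stack for that bind DN, which is the value the remote directory has to be able to match; the numeric code separates a stack-level denial (6) from an authentication failure (7).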