[Fedora-directory-users] PAM pass through & ENTRY problem

Stipl, Stepan sstipl at exstream.com
Thu Jan 4 10:20:01 UTC 2007


Hi,
	I'm currently playing with Fedora DS - and I really like it :).

problem: I'm trying to use PAM pass through plugin -> pam_krb5 -> Active Directory/Kerberos

I'm able to get this working fine with pamIDMapMethod set to RDN, but not set to ENTRY with appropriate pamIDAttr set.

With disabled PAM PT plugin, I'm able to do simple bind to given object.

With enabled PAM PT plugin, set to RDN I'm able to do bind with password stored in Kerberos, and with allowed pamFallback also with password stored in Fedora DS.

And finally with PAM PT plugin enabled and set to ENTRY and attribute specified in pamIDAttr - I'm unable to do bind with Kerberos password, only with simple bind pass. stored in Fedora DS if pamFallback is enabled.

errors log with debuglevel set for plugins debugging:

[04/Jan/2007:11:13:40 +0100] pam_passthru-plugin - => pam_passthru_bindpreop
[04/Jan/2007:11:13:40 +0100] - allow_operation: component identity is NULL
[04/Jan/2007:11:13:40 +0100] pam_passthru-plugin - Could not find BIND dn cn=xxx,ou=users,dc=xxx,dc=com (error 32 - No such object)
[04/Jan/2007:11:13:40 +0100] pam_passthru-plugin - Bind DN [cn=xxx,ou=users,dc=xxx,dc=com] is invalid or not found
[04/Jan/2007:11:13:40 +0100] pam_passthru-plugin - <= handled (error 32 - No such object)

The message looks strange to me, because bind DN cn=xxx,ou=users,dc=xxx,dc=com exists and I'm able to do bind to it with password stored in Fedora DS.
So please, if you see where I'm wrong or have any ideas or suggestions, please help. If I won't be able to solve this, it'll unfortunately prevent me from deploying Fedora DS :(.

thanks,

.stepan



