ldap authentication problems

David L idht4n at gmail.com
Thu May 6 21:59:59 UTC 2010

I'm trying to authenticate with ldap on f13 using the same ldap.conf I'm using
successfully on f12.  But it doesn't like my password and I see a message like
this in /var/log/secure:

May  6 14:37:22 empire su: pam_sss(su:auth): received for user foo: 10 (User not known to the underlying authentication module)

Any ideas what the problem might be?  My /etc/ldap.conf looks something
like this:

uri ldap://
base dc=mydomain,dc=mycompany,dc=com
binddn cn=ldap,cn=users,dc=mydomain,dc=mycompany,dc=com
bindpw theBindPw
timelimit 120
bind_timelimit 120
bind_policy soft
idle_timelimit 3600
pam_filter objectclass=user
nss_base_passwd         ou=People,dc=mydomain,dc=mycompany,dc=com?one
nss_base_shadow         ou=People,dc=mydomain,dc=mycompany,dc=com?one
nss_base_group          ou=SecurityGroups,dc=mydomain,dc=mycompany,dc=com?one
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon
nss_map_objectclass posixAccount User
nss_map_objectclass shadowAccount User
nss_map_attribute uid sAMAccountName
nss_map_attribute uidNumber msSFU30UidNumber
nss_map_attribute gidNumber msSFU30GidNumber
nss_map_attribute loginShell msSFU30LoginShell
nss_map_attribute gecos name
nss_map_attribute userPassword msSFU30Password
nss_map_attribute homeDirectory msSFU30HomeDirectory
nss_map_objectclass posixGroup Group
nss_map_attribute memberUid msSFU30MemberUid
nss_map_attribute cn cn
pam_login_attribute sAMAccountName
pam_member_attribute msSFU30PosixMember
pam_filter objectclass=User
pam_password ad
ssl no
tls_cacertdir /etc/openldap/cacerts



