[opensuse] How to unlink LDAP from PAM?
After switching from LDAP to local and deleting LDAP files I'm getting a PAM error as following on bottom. In which scrypt do I unlink LDAP from PAM? Beside this there is no problem with PAM, but such logs drive me crazy. Thx Jan # tail /var/log/messages: Jun 15 09:54:08 server su: PAM unable to dlopen(/lib/security/pam_ldap.so) Jun 15 09:54:08 server su: PAM [error: /lib/security/pam_ldap.so: Kann die Shared-Object-Datei nicht öffnen: Datei oder Verzeichnis nicht gefunden] (Shared Object File can not be opened) Jun 15 09:54:08 server su: PAM adding faulty module: /lib/security/pam_ldap.so Jun 15 09:54:16 server su: PAM unable to dlopen(/lib/security/pam_ldap.so) Jun 15 09:54:16 server su: PAM [error: /lib/security/pam_ldap.so: Kann die Shared-Object-Datei nicht öffnen: Datei oder Verzeichnis nicht gefunden](Shared Object File can not be opened) Jun 15 09:54:16 server su: PAM adding faulty module: /lib/security/pam_ldap.so -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
You have deleted them by yourself instead of uninstalling specific package? Well, you should stop deleting system files, it's direct and proven road to the burning hell. Anyway, such thing would be easily accomplished using yast (Network services -> LDAP client and then select "do not use LDAP"), without need to manually touch anything. However, if you fiddled with those things manually, this way might not work anymore. Therefore check files in /etc/pam.d/ for pam_ldap and comment out (by placing # at the very beginning) such lines rather than delete them. Also edit /etc/nsswitch.conf and make sure that it reads (among others) passwd: files group: files shadow: files For LDAP, it's usually in this form: passwd: compat group: compat This should do the trick. Tosuja Jan Tiggy wrote:
After switching from LDAP to local and deleting LDAP files I'm getting a PAM error as following on bottom. In which scrypt do I unlink LDAP from PAM? Beside this there is no problem with PAM, but such logs drive me crazy.
Thx Jan
# tail /var/log/messages:
Jun 15 09:54:08 server su: PAM unable to dlopen(/lib/security/pam_ldap.so) Jun 15 09:54:08 server su: PAM [error: /lib/security/pam_ldap.so: Kann die Shared-Object-Datei nicht öffnen: Datei oder Verzeichnis nicht gefunden] (Shared Object File can not be opened) Jun 15 09:54:08 server su: PAM adding faulty module: /lib/security/pam_ldap.so Jun 15 09:54:16 server su: PAM unable to dlopen(/lib/security/pam_ldap.so) Jun 15 09:54:16 server su: PAM [error: /lib/security/pam_ldap.so: Kann die Shared-Object-Datei nicht öffnen: Datei oder Verzeichnis nicht gefunden](Shared Object File can not be opened) Jun 15 09:54:16 server su: PAM adding faulty module: /lib/security/pam_ldap.so
-- Petr "Tosuja" Klíma Mail: tosuja@tosuja.info Web: www.tosuja.info ICQ: 52057532 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Petr Klíma wrote:
You have deleted them by yourself instead of uninstalling specific package? Well, you should stop deleting system files, it's direct and proven road to the burning hell.
Hi Petr, LOL, I'm not that good to delete all those files manually. Sorry for being confusing! However after using Yast2 to switch from LDAP to local and deleting all LDAP stuff via its packet manager(in hope, it will fix PAM's error output in the logs), I still had PAM pointing to LDAP: /etc/pam.d # grep -i 'pam_ldap' * common-account:account required pam_ldap.so use_first_pass common-account-pc:account required pam_ldap.so use_first_pass common-auth:auth required pam_ldap.so use_first_pass common-auth-pc:auth required pam_ldap.so use_first_pass common-password:password required pam_ldap.so try_first_pass use_authtok common-password-pc:password required pam_ldap.so try_first_pass use_authtok common-session:session optional pam_ldap.so common-session-pc:session optional pam_ldap.so
Anyway, such thing would be easily accomplished using yast (Network services -> LDAP client and then select "do not use LDAP"), without need to manually touch anything. However, if you fiddled with those things manually, this way might not work anymore. Therefore check files in /etc/pam.d/ for pam_ldap and comment out
Now is everything OK. Thank you very much for that! Jan -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (2)
-
Jan Tiggy
-
Petr Klíma