On Tuesday 31 August 2010 21:18:15 James Pifer wrote:
> I'm trying to set up ldap authentication to eDirectory. I'm actually doing it on SLES11, but hoping someone here can give me a hand. I'm getting an error when I try to ssh as a user that only exists in ldap, not locally. I've found a lot of references to this error, but have not found a solution that works for my situation.
> First, the error I see in the log is:
> pam_ldap: error trying to bind as user "cn=myid,ou=my ou,o=root" (Invalid credentials)
> I can successfully bind to ldap using ldapsearch and ldapbrowser from sles11, so I know my credentials are correct.
> Connection to ldap is not encrypted so I've captured all three logins using wireshark. The authentication value for the simple bind matches for ldapsearch and ldapbrowser, but is different coming from pam_ldap. So it seems like pam_ldap is sending the password differently, maybe it's encrypting or something, don't know.

Have you looked at this?

http://www.novell.com/communities/node/8438/troubleshooting-pamldap-against-edirectory-issues

Note that I'm not really an edirectory guy, that's just what a quick search turned up. The bit about posixAccount I'm pretty sure is important, so if this is an existing pre-linux edirectory installation, maybe you've forgotten to add that.

Anders