LDAP authentication with PAM


frankv
Posts: 15
Joined: Tue Apr 18, 2006 6:09 pm

LDAP authentication with PAM

Postby frankv » Tue Apr 18, 2006 6:39 pm

I know the subject has been discussed and there's a nice HOW-TO file that should make things pretty straightforward, but for some reason, I can't get LDAP password authentication to work.

Server is SLES 9 and LDAP server is eDirectory on Netware 6.5. I have another PAM authenticating to the Novell server (for my Linux users) and it works fine.

Here's my config files

om_ldap.conf
----------------------
tls=off
host=westmount.gfaga.com
search=subtree
base=o=gfaga
filter=uid=%s

ual.remote
-----------------------------
# everything else is commented
auth sufficient om_ldap
auth sufficient om_auth
auth required pam_deny
account required om_auth
password required om_auth
session required om_auth

uid is my unique field

- I create a user through the admin interface and I can access it (with webmail)
- I add the value for uniqueness using
ommodu -o "Francois Villeneuve" --authid frankv
with "Francois Villeneuve" being the user I created through admin and frankv being my uid in the Novell LDAP

When I try to access the account from Webmail, it tells me that the user or password is incorrect.

I obviously did something wrong since I get the following error message in the IMAP daemon log

ERROR IMAP Server Da(IMAP Server Pr) 04.18.06 16:50:26
[OM 29260] PAM unable to resolve symbol: pam_sm_chauthtok
User Name: Francois Villeneuve / linux, dyndns/CN=Francois Villeneuve

Thanks in advance!
-

ScalixSupport
Scalix
Posts: 5503
Joined: Thu Mar 25, 2004 8:15 pm

Postby ScalixSupport » Tue Apr 18, 2006 6:58 pm

Can you post the entire contents of ual.remote? The error you are seeing is usually because the line

password optional om_ldap

is present.

Cheers

Dave

frankv
Posts: 15
Joined: Tue Apr 18, 2006 6:09 pm

Postby frankv » Tue Apr 18, 2006 11:46 pm

OK, I did what you said. No more message in the log, but I STILL couldn't log in.

So I did a trace of the LDAP process on the Netware machine.

Each time I did an unsuccessful attempt, it gave the following message.

Rejecting unencrypted bind on cleartext port in nds_back_bind, err = 13

So I uncheck the "Require TLS for Simple Binds with Password" in LDAP group in iManager, and it did the trick!

Hope it can help someone in the future.

Thanks!
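
The "err = 13" in the eDirectory trace above is the standard LDAP resultCode 13, confidentialityRequired: the server refuses a simple bind on the cleartext port before it ever checks the password, so the failure looks like a wrong credential from the client side. The script below is an added example, not code from Scalix or from anyone in this thread. It sends one LDAPv3 simple bind over a plain TCP socket using hand-rolled BER (no python-ldap or ldap3 needed) and decodes the BindResponse, so you can see the server's policy directly. Host, port and bind DN are assumptions supplied on the command line; the sample response bytes in the test are constructed.

```python
"""Probe whether an LDAP server accepts a simple bind on a cleartext port.

Added example (not Scalix code). Speaks a minimal subset of LDAPv3
(RFC 4511) directly over a socket. The result-code names are the
standard LDAP resultCode values.
"""
import socket
import sys

# Standard LDAP resultCode values that matter for bind problems (RFC 4511 4.1.9).
RESULT_CODES = {
    0: "success",
    7: "authMethodNotSupported",
    8: "strongerAuthRequired",
    13: "confidentialityRequired",   # "Require TLS for Simple Binds" is on
    32: "noSuchObject",
    49: "invalidCredentials",        # bind reached the password check
    53: "unwillingToPerform",
}

# BER tags used by the bind exchange.
SEQUENCE, INTEGER, OCTET_STRING, ENUMERATED = 0x30, 0x02, 0x04, 0x0A
BIND_REQUEST, BIND_RESPONSE = 0x60, 0x61   # [APPLICATION 0] / [APPLICATION 1]
SIMPLE_AUTH = 0x80                          # AuthenticationChoice simple [0]


def _ber_len(n):
    if n < 0x80:
        return bytes([n])
    width = (n.bit_length() + 7) // 8
    return bytes([0x80 | width]) + n.to_bytes(width, "big")


def _tlv(tag, payload):
    return bytes([tag]) + _ber_len(len(payload)) + payload


def _ber_int(n):
    # Minimal two's-complement encoding for a non-negative integer.
    return n.to_bytes(n.bit_length() // 8 + 1, "big", signed=True)


def encode_bind_request(message_id, bind_dn, password):
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }."""
    op = _tlv(BIND_REQUEST,
              _tlv(INTEGER, _ber_int(3))
              + _tlv(OCTET_STRING, bind_dn.encode("utf-8"))
              + _tlv(SIMPLE_AUTH, password))
    return _tlv(SEQUENCE, _tlv(INTEGER, _ber_int(message_id)) + op)


def _read_tlv(buf, pos):
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def frame_length(buf):
    """Total size of the outer TLV, or None if too few bytes are buffered yet."""
    if len(buf) < 2:
        return None
    length, pos = buf[1], 2
    if length & 0x80:
        n = length & 0x7F
        if len(buf) < 2 + n:
            return None
        length = int.from_bytes(buf[2:2 + n], "big")
        pos += n
    return pos + length


def decode_bind_response(buf):
    """Decode LDAPMessage { messageID, BindResponse { resultCode, matchedDN, diagnosticMessage } }."""
    tag, body, _ = _read_tlv(buf, 0)
    if tag != SEQUENCE:
        raise ValueError("not an LDAPMessage (tag 0x%02x)" % tag)
    _, msgid, pos = _read_tlv(body, 0)
    tag, op, _ = _read_tlv(body, pos)
    if tag != BIND_RESPONSE:
        raise ValueError("expected BindResponse, got tag 0x%02x" % tag)
    _, code, pos = _read_tlv(op, 0)
    _, matched_dn, pos = _read_tlv(op, pos)
    _, diag, _ = _read_tlv(op, pos)
    code = int.from_bytes(code, "big", signed=True)
    return {
        "message_id": int.from_bytes(msgid, "big", signed=True),
        "result_code": code,
        "result_name": RESULT_CODES.get(code, "other"),
        "matched_dn": matched_dn.decode("utf-8", "replace"),
        "diagnostic": diag.decode("utf-8", "replace"),
    }


def probe_simple_bind(host, port, bind_dn, password, timeout=5.0):
    """Send one simple bind on a plain TCP port and return the decoded result."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(encode_bind_request(1, bind_dn, password))
        buf = b""
        while frame_length(buf) is None or len(buf) < frame_length(buf):
            chunk = sock.recv(4096)
            if not chunk:
                raise ConnectionError("server closed the connection without a BindResponse")
            buf += chunk
    return decode_bind_response(buf)


if __name__ == "__main__":
    # usage: python ldap_bind_probe.py HOST PORT BIND_DN   (names are assumptions)
    # Deliberately send a wrong password: the question is the server's policy, and
    # a real password would cross the wire in clear on a port that allows this.
    host, port, dn = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    r = probe_simple_bind(host, port, dn, b"not-the-real-password")
    print("resultCode %d (%s) %s" % (r["result_code"], r["result_name"], r["diagnostic"]))
    if r["result_code"] == 13:
        print("server requires TLS for simple binds; enable TLS on the client rather than relaxing the server")
    elif r["result_code"] == 49:
        print("server accepted a cleartext simple bind and went on to check the password")
```

Run it against the directory's cleartext port (389 in the usual setup) with a throwaway password. A 13 (confidentialityRequired) means the directory is enforcing TLS for simple binds and the client needs to bind over TLS; a 49 (invalidCredentials) means the server let a cleartext password through and the earlier failure was somewhere else. Turning off the server-side TLS requirement, as the post above did, makes every client's password travel unencrypted, so treat that as a diagnostic step rather than the fix.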

Valerion
Scalix Star
Posts: 2730
Joined: Thu Feb 26, 2004 7:40 am
Location: Johannesburg, South Africa
Contact:

Postby Valerion » Wed Apr 19, 2006 4:12 am

Just a quick sidenote:

frankv wrote:Rejecting unencrypted bind on cleartext port in nds_back_bind, err = 13

So I uncheck the "Require TLS for Simple Binds with Password" in LDAP group in iManager, and it did the trick!


Your original post states

frankv wrote:om_ldap.conf
----------------------
tls=off
host=westmount.gfaga.com
search=subtree
base=o=gfaga
filter=uid=%s


I'll be willing to bet that if you change the "tls" setting to "required" or to "on" you can re-enable "Require TLS for Simple Binds with Password".

ScalixSupport
Scalix
Posts: 5503
Joined: Thu Mar 25, 2004 8:15 pm

Postby ScalixSupport » Wed Apr 19, 2006 5:15 am

Hi valerion,

it does not mean anything, but congratulations to the 10.000th post ;-)

Cheers,

Sascha.

frankv
Posts: 15
Joined: Tue Apr 18, 2006 6:09 pm

Postby frankv » Wed Apr 19, 2006 8:48 am

Valerion wrote:I'll be willing to bet that if you change the "tls" setting to "required" or to "on" you can re-enable "Require TLS for Simple Binds with Password".


That would seem logical, but I tried it without the tls=off in om_ldap.conf and "Require TLS for Simple Binds with Password" checked in Novell LDAP and it wouldn't work.

Why do you say it doesn't mean anything Sasha?

