Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 18 Apr 2009 00:15:13 +0200
From:      Emiel van de Laar <emiel@vandelaar.name>
To:        Panos <panosx13@gmail.com>
Cc:        freebsd-questions@FreeBSD.org
Subject:   Re: PAM-SSH-LDAP problem
Message-ID:  <A801857E-A18F-461C-95EB-6A6149AFE731@vandelaar.name>
In-Reply-To: <49E8EEF9.5090801@gmail.com>
References:  <49E8EEF9.5090801@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 


On Apr 17, 2009, at 11:04 PM, Panos wrote:

> hello I'm trying to setup an ldap for authenticating users.
> I think that the ldap server is ok
> but ssh gives me an error PAM authntication error illigal user XXX  
> from XXX.XXX.XXX.XXX
> I think that something is wrong when pam-ldap is quering tο ldap.
> Fisrt I thounght that was acl problem so I tried something like this  
> access * by * write
> full access to alla but nothing.
> When I'm using phpldadmin to connet to ldap I have no problem,

[snip]

> Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 fd=11 ACCEPT from  
> IP=127.0.0.1:51667 (IP=0.0.0.0:389)
> Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 BIND  
> dn="cn=manager,dc=something,dc=something,dc=something" method=128
> Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 BIND  
> dn="cn=manager,dc=something,dc=something,dc=something" mech=SIMPLE  
> ssf=0
> Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 RESULT tag=97 err=0  
> text=
> Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=1 SRCH  
> base="ou=users,dc=something,dc=something,dc=something" scope=2  
> deref=0 filter="(&(?objectClass=possixAccount)(uid=ldap_test))"
> Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=1 SEARCH RESULT  
> tag=101 err=0 nentries=0 text=value does not conform to assertion  
> syntax
> Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 fd=11 closed (connection  
> lost)

I suggest you have a look at the LDAP filter.

The log above shows:

(&(?objectClass=possixAccount)(uid=ldap_test))

While I expect something like:

(&(objectClass=possixAccount)(uid=ldap_test))

i.e. remove the '?'.

Regards,

  - Emiel

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?A801857E-A18F-461C-95EB-6A6149AFE731>