Bug 176211 - Unable to authenticate using to LDAP using Pam (such ssh)
Unable to authenticate using to LDAP using Pam (such ssh)
Product: 389
Classification: Community
Component: Directory Server (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Rich Megginson
Orla Hegarty
Depends On:
  Show dependency treegraph
Reported: 2005-12-20 04:40 EST by Colin Tan
Modified: 2008-08-11 19:43 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-01-23 17:29:40 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Colin Tan 2005-12-20 04:40:45 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

Description of problem:
Using information from the Howto:PAM configuration, I get en error in /var/log/messages from pam_unix on authentication failure. I am able to login from
the console or website. Crucial information is missing as to what the pam_password settings should be in the ldap.conf and how the server settings to enable this to work are.

I have tried with a null password and this doesn't work. (By clearing the passwd in the field)

I know this is a configuration problem but I just can't get enough debug info the try to understand it (setting pam_unix debug doesn't work) I am using FC-4

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Follow PAM Howto
2.SSH into server with LDAP only account

Actual Results:  Login fails

Expected Results:  Able to Login

Additional info:
Comment 1 Colin Tan 2005-12-20 04:41:41 EST
Can't figure out where slpad.conf on Directory Server
Comment 2 Rich Megginson 2005-12-20 10:11:00 EST
There is no slapd.conf on Directory Server.  Configuration of Fedora Directory
Server is completely different than OpenLDAP.  The main configuration file for
Fedora DS is /opt/fedora-ds/slapd-yourhost/config/dse.ldif.  Be warned that if
you edit this file while the server is running, your changes will be lost. 
Server configuration should be done via the console or by using ldapmodify under
cn=config.  If you must edit the file, be sure to stop the server first.  If the
server fails to start or crashes after you make your change, you can revert to
dse.ldif.bak or dse.ldif.startOK or even dse_original.ldif if none of those work.
Comment 3 Rich Megginson 2005-12-20 10:23:32 EST
I'm not really sure what the problem is.  You should post a question to
fedora-directory-users@redhat.com - there are some PAM/ssh experts there who
should be able to assist you.  You will first have to go to
and follow the directions to sign up for fedora-directory-users before you will
be able to post and read your replies.
Comment 4 Chandrasekar Kannan 2008-08-11 19:43:35 EDT
Bug already CLOSED. setting screened+ flag

Note You need to log in before you can comment on or make changes to this bug.