LDAP Error: ldap_search_s No such object [solved]

[eunuque]

Hi all,

I've followed the "Gentoo Guide to OpenLDAP Authentication",
http://www.gentoo.org/doc/en/ldap-howto.xml

But at the end the getent passwd|grep 0:0 command returned me a single
line. So I tried to keep things simple...

I emerged openldap, migrationtools, pam_ldap, and nss_ldap (my USE flag contains ldap and pam).
The versions I use are:
openldap-2.1.30-r4
migrationtools-46
pam-0.77-r4
pam_ldap-176
nss_ldap-226

My configuration is the following:

/etc/openldap/sldap.conf:

Code: Select all

include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema


#######################################################################
# ldbm database definitions
#######################################################################

database        ldbm
suffix          "dc=shacknet,dc=nu"
rootdn          "cn=Manager,dc=shacknet,dc=nu"
rootpw          secret
directory       /var/lib/openldap-ldbm
# Indices to maintain
index   objectClass     eq

/etc/ldap.conf:

Code: Select all

BASE         dc=shacknet, dc=nu
URI            ldap://dieu.shacknet.nu

/etc/pam.d/system-auth:

Code: Select all

auth       required        /lib/security/pam_env.so
auth       sufficient  /lib/security/pam_ldap.so use_first_pass
auth       sufficient  /lib/security/pam_unix.so likeauth nullok nodelay
auth       required        /lib/security/pam_deny.so

account    sufficient  /lib/security/pam_unix.so
account    sufficient  /lib/security/pam_ldap.so
account    required        /lib/security/pam_deny.so

password   required        /lib/security/pam_cracklib.so retry=3
password   sufficient  /lib/security/pam_unix.so nullok md5 shadow use_authtok
password   sufficient  /lib/security/pam_ldap.so use_authtok
password   required        /lib/security/pam_deny.so

session    required        /lib/security/pam_limits.so
session    required        /lib/security/pam_unix.so
session    required    /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0
session    optional    /lib/security/pam_ldap.so

/etc/nsswitch.conf:

Code: Select all

passwd:         files ldap
group:          files ldap
shadow:         files ldap

hosts:       files dns
networks:    files dns

services:    db files
protocols:   db files
rpc:         db files
ethers:      db files
netmasks:    files
netgroup:    files
bootparams:  files

automount:   files
aliases:     files

I used migrationtools to convert my system info into the LDAP database.

When logging in, LDAP says (auth.log):
pam_ldap: ldap_search_s No such object


However, ldapsearch -x 'uid=myuser' gives my correct info...


Any help?

[UberLord]

/etc/ldap.conf needs a little more info

Code: Select all

pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute gidNumber
nss_base_passwd dc=development,dc=ltl?sub
nss_base_shadow dc=development,dc=ltl?sub
nss_base_group  ou=Groups,dc=development,dc=ltl?one

[eunuque]

Thanks!!!
I added the following lines in /etc/ldap.conf:

Code: Select all

pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute gidNumber
nss_base_passwd dc=shacknet,dc=nu
nss_base_shadow dc=shacknet,dc=nu
nss_base_group  ou=Groups,dc=shacknet,dc=nu 

And now it works.

[eunuque]

Also note that my default /etc/pam.d/sshd configuration file did NOT worked with LDAP.

Here is the line I added:

Code: Select all

#%PAM-1.0

auth       required     pam_nologin.so
auth       sufficient   pam_ldap.so                          <<<<<<< LINE ADDED <<<<<<
auth       required     pam_stack.so service=system-auth
auth       required     pam_shells.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth