Debian – PAM Authentication with LDAP on Debian Jessie Not Finding LDAP Users

debian openldap pam

Debian Jessie (specifically, Debian Server Wheezy x64 with testing repos)

OpenLDAP 2.4.39

libpam-ldapd 0.9.4-1

Upon installing libpam-ldapd, the dpkg configuration asked for my LDAP address information (ldapi:\\localhost) and correctly detected my server base.

I've tried to follow the Debian Wiki articles, but there are references to files that do not exist and scant information to indicate how I might be sure LDAP is being consulted.

I have OpenLDAP configured and the inetorgperson and NIS schemas loaded. The users ought to have all the correct attributes. Right now, I'm just trying to determine if LDAP is even being consulted, because it seems it isn't.

Best Answer

When you run getent passwd, do you see your LDAP users listed? If not, make sure libnss-ldapd is installed, and run dpkg-reconfigure libnss-ldapd and make sure at least the passwd database is enabled (and you'll probably want group and shadow as well, sooner or later).

If getent passwd mentions your LDAP users but you can't auth as one, run pam-auth-update and make sure LDAP authentication is enabled and nslcd is running.

If nscd (or some variant such as unscd) is installed, I suggest stopping it while troubleshooting as it could return cached inaccurate data.

Information about what pam_ldap is up to is logged to /var/log/auth.log; information about what nslcd is up to is logged to /var/log/syslog; and on the slapd side, turning the log level up to stats will let you see the actual queries nslcd is issuing, whether they were successful, and the number of results returned.

Hope that helps!
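The checklist from the answer above, as an added shell example that is not part of the original answer. The function names are made up for this example, and the default paths assume the stock Debian locations of nsswitch.conf and the common-auth file that pam-auth-update manages.

```shell
#!/bin/sh
# Added example: static checks for the NSS/PAM wiring described in the answer.
# File paths are arguments so the checks can be pointed at copies of the files.

# nss_uses_ldap DB [FILE]: succeed if DB's line in nsswitch.conf lists "ldap".
nss_uses_ldap() {
    awk -v db="$1:" '
        { sub(/#.*/, "") }                       # drop comments
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit !found }
    ' "${2:-/etc/nsswitch.conf}"
}

# pam_uses_ldap [FILE]: succeed if an uncommented auth line loads pam_ldap.so.
pam_uses_ldap() {
    awk '
        { sub(/#.*/, "") }
        $1 == "auth" && /pam_ldap\.so/ { found = 1 }
        END { exit !found }
    ' "${1:-/etc/pam.d/common-auth}"
}

# ldap_diagnose: walk the answer's checklist on the live system.
ldap_diagnose() {
    for db in passwd group shadow; do
        if nss_uses_ldap "$db"; then echo "ok:   nsswitch $db lists ldap"
        else echo "FAIL: nsswitch $db lacks ldap (dpkg-reconfigure libnss-ldapd)"; fi
    done
    if pam_uses_ldap; then echo "ok:   common-auth loads pam_ldap.so"
    else echo "FAIL: pam_ldap.so not in common-auth (pam-auth-update)"; fi
    if pgrep -x nslcd >/dev/null; then echo "ok:   nslcd is running"
    else echo "FAIL: nslcd is not running"; fi
    if pgrep -x nscd >/dev/null; then
        echo "WARN: nscd is running; stop it while troubleshooting (cached data)"
    fi
    # getent -s ldap restricts the lookup to the ldap NSS service only.
    n=$(getent -s ldap passwd | wc -l)
    echo "info: $n passwd entries returned by the ldap service"
}

if [ "${1:-}" = "--run" ]; then ldap_diagnose; fi
```

Run it as root with `--run` on the affected host; a zero count on the last line with everything else ok points at nslcd or slapd, which is where the logs named in the answer come in.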
