Debian Jessie (specifically, Debian Server Wheezy x64 with testing repos)
OpenLDAP 2.4.39
libpam-ldapd 0.9.4-1
Upon installing libpam-ldapd, the dpkg configuration asked for my LDAP address information (ldapi:\\localhost) and correctly detected my server base.
I've tried to follow the Debian Wiki articles, but there are references to files that do not exist and scant information to indicate how I might be sure LDAP is being consulted.
I have OpenLDAP configured and the inetorgperson and NIS schemas loaded. The users ought to have all the correct attributes. Right now, I'm just trying to determine if LDAP is even being consulted, because it seems it isn't.
Best Answer
When you run getent passwd, do you see your LDAP users listed? If not, make sure libnss-ldapd is installed, and run dpkg-reconfigure libnss-ldapd and make sure at least the passwd database is enabled (and you'll probably want group and shadow as well, sooner or later).
If getent passwd mentions your LDAP users but you can't auth as one, run pam-auth-update and make sure LDAP authentication is enabled and nslcd is running.
If nscd (or some variant such as unscd) is installed, I suggest stopping it while troubleshooting as it could return cached inaccurate data.
Information about what pam_ldap is up to is logged to /var/log/auth.log; information about what nslcd is up to is logged to /var/log/syslog; and on the slapd side, turning the log level up to stats will let you see the actual queries nslcd is issuing, whether they were successful, and the number of results returned.
Hope that helps!
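The configuration checks from the answer above, collected into one script as an added example (not part of the original answer). It assumes Debian's default /etc/nsswitch.conf and /etc/pam.d/common-auth paths; the function names and the sample files are constructed for illustration.

```shell
# Added example (not from the answer); Debian default paths are assumed.
# nss_uses_ldap FILE DB: succeed if DB's nsswitch.conf line lists "ldap".
nss_uses_ldap() {
    awk -v db="$2" '
        { sub(/#.*/, ""); sub(/:/, ": ") }   # strip comments, split "db:src"
        $1 == db ":" { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit !found }
    ' "$1"
}

# pam_uses_ldap FILE: succeed if an uncommented line references pam_ldap.so.
pam_uses_ldap() {
    grep -Eq '^[[:space:]]*[^#[:space:]].*pam_ldap\.so' "$1"
}

# ldap_login_report [NSSWITCH] [PAMFILE]: print findings; return 1 if the
# passwd database or PAM is not wired to LDAP.
ldap_login_report() {
    nss=${1:-/etc/nsswitch.conf} pam=${2:-/etc/pam.d/common-auth} rc=0
    for db in passwd group shadow; do
        if nss_uses_ldap "$nss" "$db"; then
            echo "ok      $db: ldap listed"
        else
            echo "missing $db: run dpkg-reconfigure libnss-ldapd"; [ "$db" != passwd ] || rc=1
        fi
    done
    if pam_uses_ldap "$pam"; then
        echo "ok      pam: pam_ldap.so enabled"
    else
        echo "missing pam: run pam-auth-update and enable LDAP"; rc=1
    fi
    # Live daemon state, as the answer advises: nslcd up, caches stopped.
    pgrep -x nslcd >/dev/null 2>&1 || echo "warn    nslcd is not running"
    if pgrep -x nscd >/dev/null 2>&1 || pgrep -x unscd >/dev/null 2>&1; then
        echo "warn    nscd/unscd running: results may be cached"
    fi
    return $rc
}

# Constructed sample files (not from the page): shadow does not use LDAP.
write_samples() {
    printf '%s\n' '# sample' 'passwd: compat ldap' 'group:compat ldap' \
        'shadow: compat  # ldap' > "$1/nsswitch.conf"
    printf '%s\n' '# auth sufficient pam_ldap.so' 'auth sufficient pam_ldap.so' > "$1/common-auth"
}

# Demo on the constructed samples; pass real paths to check a live system.
demo_dir=$(mktemp -d) && write_samples "$demo_dir"
ldap_login_report "$demo_dir/nsswitch.conf" "$demo_dir/common-auth" || true
rm -rf "$demo_dir"
```

On a real host, call ldap_login_report with no arguments to check the default paths, then confirm with getent passwd as the answer describes.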