Problems with LDAP authentication

[caspersgrin]

Hi,

I just installed FC7 on a new server and enabled LDAP authentication. It wasn't working and wasn't giving me any useful logs so I finally installed wireshark to sniff the line -- at least I could discover what was going over to the LDAP server.

What I found was that the seachfilter was '(&object class=posixAccount)(uid=xxx))'. We do not use the posixAccount object class, which means the search fails and consequently, the login fails. I changed the line in /etc/ldap.conf from "pam_filter objectclass=posixAccount" to "pam_filter objectclass=linfieldPerson" (a locally defined objectClass that includes the posixAccount attributes). Sniffed again and the searchfilter still included "objectclass=posixAccount". I even tried rebooting and checked again with the same results.

So where do I change it if changing the line in /etc/ldap.conf has no effect?

Thanks,
Rob

[Xzander79]

Presumably you are trying to authenticate against an Active directory structure?
I have never found that the authentication wizard actually worked for me. But I found this site ( http://blog.scottlowe.org/2007/01/15...ion-version-4/ ) to be most useful for the task and it actually works using kerberos, openladp and samba. I have built roughly 10 servers and workstations using this method and seems to work quite well.

The authentication against the AD works seemlessly along with browsing your network and still having your AD permissions in place.

If you have any issues you can PM me and I'll help you as much as I can.
Xzander.