Issues while authenticating a user over openLDAP through C program using PAM


by Vikrant

Hi all

I am using openLDAP 2.3.32 on RHEL 4.

I have configured PAM to have authentication over LDAP. SSH and su work fine and authenticate the users over LDAP. But when I tried to authenticate a user through C code using the Linux-PAM API, it fails.

Here are the LDAP logs when I tried it through SSH or su:

conn=2 fd=12 ACCEPT from IP=135.27.151.4:54980 (IP=0.0.0.0:389)
conn=2 op=0 BIND dn="" method=128
conn=2 op=0 RESULT tag=97 err=0 text=
conn=2 op=1 SRCH base="ou=people,dc=avaya,dc=com" scope=2 deref=0 filter="(uid=admin)"
conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=3 fd=15 ACCEPT from IP=135.27.151.4:54981 (IP=0.0.0.0:389)
conn=2 op=2 UNBIND
conn=2 fd=12 closed ()
conn=3 op=0 BIND dn="" method=128
conn=3 op=0 RESULT tag=97 err=0 text=
conn=3 op=1 SRCH base="ou=people,dc=avaya,dc=com" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=admin))"
conn=3 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=3 op=2 SRCH base="ou=people,dc=avaya,dc=com" scope=2 deref=0 filter="(&(objectClass=posixGroup)(|(memberUid=admin)(uniqueMember=uid=admin,ou=people,dc=avaya,dc=com)))"
conn=3 op=2 SRCH attr=gidNumber
conn=3 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=3 fd=15 closed (connection lost)

And the user is successfully authenticated.

But when I tried it through a C program using the Linux-PAM API, I get the following logs:

conn=5 fd=12 ACCEPT from IP=135.27.151.4:54986 (IP=0.0.0.0:389)
conn=5 op=0 BIND dn="" method=128
conn=5 op=0 RESULT tag=97 err=0 text=
conn=5 op=1 SRCH base="ou=people,dc=avaya,dc=com" scope=2 deref=0 filter="(uid=admin)"
conn=5 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=5 op=2 UNBIND
conn=5 fd=12 closed ()

And the authentication fails for the same user. The PAM service which is started in the C program has similar specs to that of "su", i.e. it is configured for LDAP.

Not sure what is going wrong above.


Re: Issues while authenticating a user over openLDAP through C program using PAM

by Wes Rogers

Is said C program using getpwnam, getpwuid, etc?

If so, try running nscd then authenticating again.

On 7/25/07, Vikrant <gatne@...> wrote:

>
> Hi all
>
> I am using openLDAP 2.3.32 on RHEL 4.
>
> I have configured PAM to have authentication over LDAP. SSH and su work
> fine and authenticate the users over LDAP. But when I tried to authenticate
> a user through C code using the Linux-PAM API, it fails.
>
> Here are the LDAP logs when I tried it through SSH or su:
>
> conn=2 fd=12 ACCEPT from IP=135.27.151.4:54980 (IP=0.0.0.0:389)
> conn=2 op=0 BIND dn="" method=128
> conn=2 op=0 RESULT tag=97 err=0 text=
> conn=2 op=1 SRCH base="ou=people,dc=avaya,dc=com" scope=2 deref=0
> filter="(uid=admin)"
> conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
> conn=3 fd=15 ACCEPT from IP=135.27.151.4:54981 (IP=0.0.0.0:389)
> conn=2 op=2 UNBIND
> conn=2 fd=12 closed ()
> conn=3 op=0 BIND dn="" method=128
> conn=3 op=0 RESULT tag=97 err=0 text=
> conn=3 op=1 SRCH base="ou=people,dc=avaya,dc=com" scope=2 deref=0
> filter="(&(objectClass=posixAccount)(uid=admin))"
> conn=3 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
> conn=3 op=2 SRCH base="ou=people,dc=avaya,dc=com" scope=2 deref=0
> filter="(&(objectClass=posixGroup)(|(memberUid=admin)(uniqueMember=uid=admin,ou=people,dc=avaya,dc=com)))"
> conn=3 op=2 SRCH attr=gidNumber
> conn=3 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
> conn=3 fd=15 closed (connection lost)
>
> And the user is successfully authenticated.
>
> But when I tried it through a C program using the Linux-PAM API, I get the
> following logs:
>
> conn=5 fd=12 ACCEPT from IP=135.27.151.4:54986 (IP=0.0.0.0:389)
> conn=5 op=0 BIND dn="" method=128
> conn=5 op=0 RESULT tag=97 err=0 text=
> conn=5 op=1 SRCH base="ou=people,dc=avaya,dc=com" scope=2 deref=0
> filter="(uid=admin)"
> conn=5 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
> conn=5 op=2 UNBIND
> conn=5 fd=12 closed ()
>
> And the authentication fails for the same user. The PAM service which is
> started in the C program has similar specs to that of "su", i.e. it is
> configured for LDAP.
>
> Not sure what is going wrong above.
>
> --
> View this message in context: http://www.nabble.com/Issues-while-authenticating-a-user-over-openLDAP-through-C-progarm-using-PAM-tf4141019.html#a11779210
> Sent from the PAM LDAP mailing list archive at Nabble.com.

RE: Issues while authenticating a user over openLDAP through C program using PAM

by Vikrant

Thanks Wes for your reply.

But the issue is fixed now. I changed my conversation function and it
started working well.

Cheers,
Vikrant

-----Original Message-----
From: owner-pamldap@... [mailto:owner-pamldap@...] On Behalf
Of Wes Rogers
Sent: Monday, August 06, 2007 10:08 PM
To: pamldap@...
Subject: Re: [pamldap] Issues while authenticating a user over openLDAP
through C program using PAM

Is said C program using getpwnam, getpwuid, etc?

If so, try running nscd then authenticating again.

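
The thread does not say what was changed in the conversation function. As an added illustration (not Vikrant's code), this is a Linux-PAM conversation callback that answers every prompt with a heap-allocated reply, which is how an authentication module receives the password before it can try a bind. The names `struct creds`, `dup_str`, `free_replies` and `ldap_conv` are hypothetical, and the fallback declarations are only there so the block compiles where the libpam headers are not installed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#if __has_include(<security/pam_appl.h>)
#include <security/pam_appl.h>
#else /* no libpam headers installed: same layout and values as Linux-PAM */
struct pam_message  { int msg_style; const char *msg; };
struct pam_response { char *resp; int resp_retcode; };
enum { PAM_SUCCESS = 0, PAM_BUF_ERR = 5, PAM_CONV_ERR = 19 };
enum { PAM_PROMPT_ECHO_OFF = 1, PAM_PROMPT_ECHO_ON, PAM_ERROR_MSG, PAM_TEXT_INFO };
#define PAM_MAX_NUM_MSG 32
#endif
struct creds { const char *user, *password; };  /* hypothetical appdata_ptr payload */

static char *dup_str(const char *s) {           /* heap copy; PAM frees it later */
    size_t len = strlen(s) + 1;
    char *p = malloc(len);
    return p ? memcpy(p, s, len) : NULL;
}

/* Wipe and release a reply array (error paths only; on success PAM owns it). */
void free_replies(struct pam_response *r, int n) {
    for (int i = 0; i < n; i++)
        if (r[i].resp) { memset(r[i].resp, 0, strlen(r[i].resp)); free(r[i].resp); }
    free(r);
}

/* Linux-PAM convention: msg is an array of n pointers, one per prompt. */
int ldap_conv(int n, const struct pam_message **msg,
              struct pam_response **resp, void *appdata) {
    const struct creds *c = appdata;
    if (n <= 0 || n > PAM_MAX_NUM_MSG || !msg || !resp || !c) return PAM_CONV_ERR;
    struct pam_response *r = calloc((size_t)n, sizeof *r);  /* one zeroed slot per msg */
    if (!r) return PAM_BUF_ERR;
    for (int i = 0; i < n; i++) {
        const char *answer = NULL;
        switch (msg[i]->msg_style) {
        case PAM_PROMPT_ECHO_OFF: answer = c->password; break;   /* password prompt */
        case PAM_PROMPT_ECHO_ON:  answer = c->user;     break;   /* visible prompt */
        case PAM_ERROR_MSG:
        case PAM_TEXT_INFO: fprintf(stderr, "pam: %s\n", msg[i]->msg); continue;
        default: free_replies(r, n); return PAM_CONV_ERR;
        }
        r[i].resp = answer ? dup_str(answer) : NULL;
        if (!r[i].resp) { free_replies(r, n); return PAM_CONV_ERR; }  /* no answer */
    }
    *resp = r;          /* ownership passes to the calling PAM module */
    return PAM_SUCCESS;
}
```

To use it, pass `ldap_conv` to `pam_start()` in a `struct pam_conv` whose `appdata_ptr` points at the `struct creds`, then call `pam_authenticate()` and link with `-lpam`.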