Howdy... my turn for a question.
I'm trying to set up LDAP user authentication on a server and am not able to get logged in. I've got so far with the config that I can successfully bind to AD, find my desired user and try to rebind using that user account; however, I can see from the tcpdumps of the traffic that ldap is trying to authenticate me with a valid DN but a password of "...INCORRECT", which is blatantly not what I'm typing in. I have pam_password set to ad in the ldap.conf and I am using the right authentication schema, but that password just comes across as that odd, and clearly very deliberate, "INCORRECT" string. Any clues whether this is something with PAM or what?
This is based on my understanding that you use a service account to find the desired user within LDAP and then try to access the directory again by authenticating with the given user's credentials. I assume that the user's password is never supposed to be passed into the client at all.
my ldap.conf looks like this here...
Code:
host 10.224.2.21
base OU=Admins,dc=example,dc=net
binddn CN=user,dc=example,dc=net
bindpw password
scope sub
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid sAMAccountName
nss_map_objectclass posixGroup group
nss_map_attribute uniqueMember member
pam_login_attribute sAMAccountName
pam_filter objectclass=User
pam_password ad
ssl no
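Added example (not part of the post above, and not pam_ldap's own code): a minimal BER encoder/decoder for the LDAPv3 simple BindRequest (RFC 4511), which is the message the poster was reading out of tcpdump. With "ssl no" a simple bind carries the password in cleartext, so the DN and password can be recovered directly from the bytes on the wire, and the same decoder is what you would run over a capture to confirm what a client actually sends. The classify_bind() check flags the empty-password case: under RFC 4513 an LDAPv3 simple bind with a non-empty DN and an empty password is an unauthenticated bind, which a server may treat as anonymous without checking any credential, so a client that ends up with an empty password must refuse to bind rather than let that "succeed". The sample DN and the "...INCORRECT" string come from the post; the packet bytes are constructed here, not taken from the poster's network.

```python
# Added example: encode/decode an LDAPv3 simple BindRequest (RFC 4511) and
# classify the bind. Pure Python, no LDAP server needed. Sample values below
# are constructed for illustration.
from dataclasses import dataclass

TAG_SEQUENCE = 0x30      # universal constructed SEQUENCE (LDAPMessage)
TAG_INTEGER = 0x02
TAG_OCTET_STRING = 0x04
TAG_BIND_REQUEST = 0x60  # [APPLICATION 0] constructed
TAG_SIMPLE_AUTH = 0x80   # [0] context-specific primitive: AuthenticationChoice.simple


def _ber_len(n: int) -> bytes:
    """BER length: short form below 128, long form (0x8N + N bytes) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(value)) + value


def _ber_int(n: int) -> bytes:
    """Non-negative INTEGER contents (message IDs, protocol version)."""
    if n == 0:
        return b"\x00"
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return (b"\x00" + body) if body[0] & 0x80 else body  # keep the sign bit clear


def encode_bind_request(message_id: int, dn: str, password: str, version: int = 3) -> bytes:
    """LDAPMessage { messageID, BindRequest { version, name, simple password } }."""
    bind = (
        _tlv(TAG_INTEGER, _ber_int(version))
        + _tlv(TAG_OCTET_STRING, dn.encode())
        + _tlv(TAG_SIMPLE_AUTH, password.encode())
    )
    return _tlv(TAG_SEQUENCE, _tlv(TAG_INTEGER, _ber_int(message_id)) + _tlv(TAG_BIND_REQUEST, bind))


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


@dataclass
class SimpleBind:
    message_id: int
    version: int
    dn: str
    password: str


def decode_bind_request(packet: bytes) -> SimpleBind:
    """Parse one LDAPMessage holding a simple BindRequest; ValueError otherwise."""
    tag, msg, _ = _read_tlv(packet, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("not an LDAPMessage")
    tag, mid, pos = _read_tlv(msg, 0)
    if tag != TAG_INTEGER:
        raise ValueError("missing messageID")
    tag, bind, _ = _read_tlv(msg, pos)
    if tag != TAG_BIND_REQUEST:
        raise ValueError("protocolOp is not a BindRequest")
    _, ver, pos = _read_tlv(bind, 0)
    _, name, pos = _read_tlv(bind, pos)
    tag, cred, _ = _read_tlv(bind, pos)
    if tag != TAG_SIMPLE_AUTH:
        raise ValueError("not a simple bind (SASL?)")
    return SimpleBind(int.from_bytes(mid, "big"), int.from_bytes(ver, "big"),
                      name.decode(), cred.decode())


def classify_bind(b: SimpleBind) -> str:
    """'anonymous', 'unauthenticated' (DN but empty password, RFC 4513 5.1.2) or 'simple'."""
    if not b.dn and not b.password:
        return "anonymous"
    if b.dn and not b.password:
        return "unauthenticated"  # server checks no credential here; never treat as login success
    return "simple"


if __name__ == "__main__":
    # Constructed sample: the DN from the post with the password the poster saw on the wire.
    pkt = encode_bind_request(2, "CN=user,dc=example,dc=net", "...INCORRECT")
    req = decode_bind_request(pkt)
    print(pkt.hex())
    print(req, classify_bind(req))
```

Run it over a BindRequest payload pulled from a capture and it prints the DN and the password exactly as the server will see them, which is the quickest way to tell whether the odd string is coming from the PAM stack or from the module itself. One caveat on the config above: in the PADL pam_ldap ldap.conf, pam_password selects the password change protocol, so it has no effect on the bind used for authentication.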