From: "Andrew MacTaggart"
Date: Fri, 20 Jan 2006 16:58:55 +0800
Subject: Re: nss_ldap and pam_ldap troubles
Delivered-To: freebsd-net@freebsd.org
List-Id: Networking and TCP/IP with FreeBSD

Thanks Jorge for the debug

read1msg: V2 referral chased, mark request completed, id = 1
new result: res_errno: 32, res_error: , res_matched: <>
read1msg: 0 new referrals
read1msg: mark request completed, id = 1
request 1 done
res_errno: 32, res_error: , res_matched: <>
ldap_free_request (origid 1, msgid 1)

This is from a valid user in the local passwd file;
valid users from NDS don't create log files.

I enabled the NDS attribute mapping for uniqueMember = member, but uniquemember is spelled without a cap earlier in the nss_ldap.conf, so not sure if it should be changed.

NDS uses member for uniquemember
NDS also uses cn for uid

Anyway, I have the LDAP working via Apache with the mosquit module, so I know it works, and from the server I can search for users using ldapsearch.

It seems that the user needs to be in the passwd and then debug is generated. Users that are not in passwd just get a prompt for password and then disconnect after 3 attempts. No logs in the /var/log dir are created unless user exists in passwd.

Any thoughts would be welcomed

TKS
A