[Mageia-dev] Help needed with ldap server.and gdm.

Sun Mar 24 12:49:29 CET 2013

Le 23/03/2013 21:41, David W. Hodgins a écrit :
+> Any suggestions?
+You're mixing issues here.
+
+pam only deals with authentication and authorization. The problem is not 
+to make a choice from pam_unix, or pam_pwdb, or pam_tcb, but to express 
+the fact than an user can authenticate from either local password 
+database or ldap passwd database:
+auth sufficient pam_unix
+auth sufficient pam_ldap use_first_pass
+auth required   pam_deny.so
+
+Most modules accept debug option to help troubleshooting.
+
+Once you resolved your authentication and authorization issues for both 
+users (console login, su, whatever), you can deal with the list of 
+people enumerated in gdm, but in gdm configuration.
+
+Also, the documentation you're using is a bit outdated:
+- bdb makes more sense today than ldbm as storage backend
+- ssha is a better choice than crypt for default password encoding scheme
+- using a rootdn with a password defined in slapd.conf is quite discussable
+- ACLs such as 'access to dn=".*,dc=mylan,dc=net"' would better be 
+defined as 'access to dn.subtree="dc=mylan,dc=net"' (no regex involved)
+- examples given use rfc2307 schema, whereas rfc2307bis (group 
+membership defined through dn, not uids) is a better choice
+- and more important: nss_ldap and pam_ldap are getting deprecated 
+nowadays, in favor or nss_pam_slapd, or sssd.
+
+-- 
+BOFH excuse #235:
+
+The new frame relay network hasn't bedded down the software loop 
+transmitter yet.
+