nss-pam-ldapd package not found - What to do?

user2016
Posts: 4
Joined: 2017/01/10 07:48:45

nss-pam-ldapd package not found - What to do?

Post by user2016 » 2017/01/10 14:24:48

I'm trying to integrate LDAP Active Directory. On Ubuntu it was very easy. But in CentOS I need nslcd.conf and its service.

But I couldn't find the nslcd package for CentOS 5. It seems like it is available only for CentOS 6 and above? What should I do? I'm looking into alternate solutions if that package isn't available.

Repos:
CentOS-Base.repo CentOS-Media.repo epel.repo CentOS-Debuginfo.repo CentOS-Vault.repo webtatic-el5.repo

Following packages were installed:

package { "krb5-workstation": ensure => installed }
package { "openldap-clients": ensure => installed }
package { "nss_ldap": ensure => installed }
package { "pam_krb5": ensure => installed }


I want the following content to be in nslcd.conf in order to complete the setup. Any alternate way to get it working?

It seems ldap.conf has something similar (nss_map_attribute instead of "map passwd") in its default config file. Trying out if it works with some modification.

# This file is managed by puppet
# nslcd configuration file. See nslcd.conf(5)
# for details.
referrals off
# The user and group nslcd should run as.
uid nslcd
gid nslcd
# The location at which the LDAP server(s) should be reachable.
uri ldap://example.com
# The search base that will be used for all queries.
base dc=example,dc=com
# The LDAP protocol version to use.
ldap_version 3
# The DN to bind with for normal lookups.
binddn CN=Temp User,CN=Users,DC=example,DC=com
bindpw  bind_password_here
# The DN used for password modifications by root.
#rootpwmoddn cn=admin,dc=example,dc=com
# SSL options
#ssl off
tls_reqcert never
# The search scope.
scope sub
filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map passwd uid sAMAccountName
map passwd uidnumber uidNumber
map passwd homedirectory unixHomeDirectory
map passwd loginshell loginShell
map passwd gecos displayName
filter shadow (&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map shadow uid sAMAccountName
filter group (&(objectClass=group)(gidNumber=*))

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: nss-pam-ldapd package not found - What to do?

Post by TrevorH » 2017/01/10 14:27:59

That package was new in el6. On CentOS 5 you need to use nss_ldap instead but all else is very similar except that you need to amend /etc/ldap/conf and not the nss_pam_ldap version.

Please note that CentOS 5 now has just over 2 months of useful life left. You should be migrating to a supported version ASAP as CentOS 5 goes EOL at the end of March 2017 and will receive no more security updates.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

user2016
Posts: 4
Joined: 2017/01/10 07:48:45

Re: nss-pam-ldapd package not found - What to do?

Post by user2016 » 2017/01/10 15:08:28

Okay. Can you let me know what changes I have to make in ldap.conf?

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: nss-pam-ldapd package not found - What to do?

Post by TrevorH » 2017/01/10 15:37:49

As far as I remember, they are almost exactly the same as nss-pam-ldap config files, though I'm afraid I abolished my last el5 systems some months ago so cannot check now.

user2016
Posts: 4
Joined: 2017/01/10 07:48:45

Re: nss-pam-ldapd package not found - What to do?

Post by user2016 » 2017/01/11 06:14:36

It can identify the user from AD, but if I try to log in it says password incorrect.
Any suggestion?

ldap.conf

base dc=example,dc=com
uri ldap://example.com
ssl no
binddn cn=Ldap Bind,cn=Users,dc=example,dc=com
bindpw bind_password_here
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus

scope sub
filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))

nss_map_objectclass posixAccount User
nss_map_objectclass shadowAccount User
nss_map_objectclass posixGroup Group
nss_map_attribute uid sAMAccountName
nss_map_attribute uidNumber uidNumber
nss_map_attribute gidNumber gidNumber
nss_map_attribute gecos         name
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute loginShell loginShell
pam_login_attribute sAMAccountName
pam_filter objectclass=User
nss_base_password cn=Users,dc=example,dc=com
nss_base_shadow cn=Users,dc=example,dc=com
nss_base_group cn=Users,dc=example,dc=com
#pam_password example
referrals       no
filter shadow (&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map shadow uid sAMAccountName
filter group (&(objectClass=group)(gidNumber=*))

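Added example, not part of the thread and not code from any poster: a small checker for an nss_ldap-style ldap.conf that flags lines still written in nslcd.conf(5) syntax (`map <db> ...`, `filter <db> ...`), `nss_base_<map>` keys whose suffix is not an NSS map name, and transport settings that leave the bind unprotected. The function name `lint`, the finding codes and the sample text are hypothetical and constructed for illustration.

```python
# Added example; names and finding codes are hypothetical, sample is constructed.
NSS_MAPS = {"passwd", "shadow", "group", "hosts", "services", "networks",
            "protocols", "rpc", "ethers", "netmasks", "bootparams",
            "aliases", "netgroup"}

FINDINGS = {
    "NSLCD_SYNTAX": "nslcd.conf(5) 'map'/'filter' line; nss_ldap uses nss_map_* and nss_base_*",
    "UNKNOWN_NSS_BASE": "nss_base_<map> suffix is not an NSS map name (e.g. passwd)",
    "TLS_NO_VERIFY": "server certificate is not verified",
    "CLEARTEXT_BIND": "ldap:// without TLS: bind credentials travel unencrypted",
}

# Constructed sample in the shape of the ldap.conf posted above.
SAMPLE = """\
uri ldap://example.com
ssl no
bindpw bind_password_here
nss_map_attribute uid sAMAccountName
nss_base_password cn=Users,dc=example,dc=com
filter passwd (&(objectClass=user)(uidNumber=*))
map shadow uid sAMAccountName
tls_reqcert never
"""

def lint(text):
    """Return sorted (line_number, finding_code) pairs for a config text."""
    findings, uri, ssl = [], None, "no"
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 2)          # tolerate runs of spaces or tabs
        key = fields[0].lower()
        arg = fields[1].lower() if len(fields) > 1 else ""
        if key in ("map", "filter") and arg in NSS_MAPS:
            findings.append((no, "NSLCD_SYNTAX"))
        elif key.startswith("nss_base_") and key[len("nss_base_"):] not in NSS_MAPS:
            findings.append((no, "UNKNOWN_NSS_BASE"))
        elif key in ("tls_reqcert", "tls_checkpeer") and arg in ("never", "no"):
            findings.append((no, "TLS_NO_VERIFY"))
        elif key == "uri":
            uri = (no, arg)
        elif key == "ssl":
            ssl = arg
    # Plain ldap:// is only protected when ssl selects LDAPS or StartTLS.
    if uri and uri[1].startswith("ldap://") and ssl not in ("on", "yes", "start_tls"):
        findings.append((uri[0], "CLEARTEXT_BIND"))
    return sorted(findings)

if __name__ == "__main__":
    for no, code in lint(SAMPLE):
        print(f"line {no}: {code}: {FINDINGS[code]}")
```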