# ssh openldap authentication not working



## spring_64 (Jul 19, 2017)

Hi all,
I have a serious problem with openldap. I cannot ssh to the server with the user "testuser" that I define in the ldif file.

These are the steps I do:
1. Install openldap24-server
2.

```
#ee /usr/local/etc/slapd.conf
.
.
.
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/nis.schema

suffix          "dc=example,dc=com"
rootdn          "cn=Manager,dc=example,dc=com"

security ssf=128
TLSCertificateFile /root/certificate/cert.pem
TLSCACertificateFile /root/certificate/cert.pem
TLSCertificateKeyFile /root/certificate/private.key
.
.
.
```

3.

```
ee /usr/loccal/etc/openldap/ldap.conf

BASE    dc=example,dc=com
URI     ldap://t5.example.com

SIZELIMIT       12
TIMELIMIT       15
DEREF           never
ssl             start_tls
TLS_REQUEST     never
tls_cacert      /root/certidicate/cert.pem
```

4.

```
ee /usr/local/etc/ldap.conf

# LDAP client config
host                    t5.example.com
#host                   192.168.*.*
#uri                    ldap://t5.example.com/
uri                     ldap://192.168.*.*/
base                    dc=example,dc=com
port                    389
SIZELIMIT               12
TIMELIMIT               15
DEREF                   never
TLS_CACERT              /root/certificate/cert.pem
ssl                     start_tls
tls_checkpeer           no
suffix                  dc=example,dc=com
binddn                  uid=ldapclient$,ou=People,dc=example,dc=com
bindpw                  secret
scope                   sub
timelimit               5
bind_timelimit          5
nss_reconnect_tries     2
pam_login_attributes    uid
pam_member_attributes   cn
pam_password            MD5
nss_base_passwd         ou=People,dc=example,dc=com
nss_base_shadow         ou=People,dc=example,dc=com
```
5.

```
#ee /etc/pam.d/sshd and 
ee /etc/pam.d/system

auth            sufficient      /usr/local/lib/pam_ldap.so      no_warn try_first_pass
```
6.

```
ee /etc/nsswitch.conf
#group: compat
group: files ldap
group_compat: nis
hosts: files dns
networks: files
#passwd: compat
passwd: files ldap
```
7.

```
ee example.ldif
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
o: example
dc: example

dn: ou=People,dc=example,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Groups,dc=example,dc=com
ou: Groups
objectClass: top
objectClass: organizationalUnit

dn: ou=Roles,dc=example,dc=com
ou: Roles
objectClass: top
objectClass: organizationalUnit

dn: cn=customers,ou=Groups,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: customers
gidNumber: 5001

dn: uid=testuser,ou=People,dc=example,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: testuser
cn: Test User
sn: TestUser
givenName: Test
displayName: Testuser
uidNumber: 5001
gidNumber: 5001
gecos: Testuser
homeDirectory: /home/testuser
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
mail: testuser@example.com
postalCode: 2132DL
l: Hoofddorp
o: Voorbeeld
mobile: 0616xxx
homePhone: 3123xxxxx
title: System Tester
postalAddress:
initials: TU
loginShell: /bin/sh
shadowExpire: -1
```
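As an added example (not code from the poster or from the OpenLDAP project), a small Python checker for two things a reviewer would inspect in the files above: posixAccount entries in the LDIF that carry no userPassword attribute, which means the simple bind pam_ldap performs as that user cannot succeed, and pam_ldap/nss_ldap client directives that weaken the TLS protection slapd's `security ssf=128` is meant to enforce. The LDIF and ldap.conf excerpts inside are constructed, not the poster's files.

```python
import re

# Constructed excerpts modelled on the thread's files; not the poster's actual configuration.
LDIF = """dn: uid=testuser,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: testuser
uidNumber: 5001

dn: cn=customers,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: customers
"""

CLIENT_CONF = """uri            ldap://ldap.example.com/
ssl            start_tls
tls_checkpeer  no
pam_password   MD5
"""

def parse_ldif(text):
    """One dict per LDIF entry (lowercase attribute -> values); folded lines are not handled."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line and not line.startswith("#"):
                attr, _, value = line.partition(":")
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def accounts_without_password(text):
    """DNs of posixAccount entries with no userPassword; a simple bind as them cannot succeed."""
    return [e["dn"][0] for e in parse_ldif(text)
            if "posixaccount" in {c.lower() for c in e.get("objectclass", [])}
            and "userpassword" not in e]

def client_conf_findings(text):
    """Flag pam_ldap/nss_ldap directives that weaken the TLS protection slapd's ssf=128 relies on."""
    opts = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if parts and not parts[0].startswith("#"):
            opts[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    findings = []
    if opts.get("tls_checkpeer", "").lower() == "no":
        findings.append("tls_checkpeer no: the server certificate is never verified")
    if opts.get("pam_password", "").lower() == "md5":
        findings.append("pam_password md5: changed passwords are stored as unsalted MD5; prefer exop")
    return findings
```

Run it against the real files after a `ldapsearch -ZZ -x -b dc=example,dc=com` export to see whether the user entry actually carries a password hash.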


----------



## spring_64 (Jul 22, 2017)

any idea?


----------

