pam_ldap Configuration Files

/etc/ldap.conf

If you built your own pam_ldap, you will need to create the file /etc/ldap.conf; if you installed from the RPM, edit the existing one. Only two lines must be configured: the host and base entries.

Example 4-6. ldap.conf

    host 127.0.0.1

    base o=<your organization name>,c=<your country code>

Note the lack of spaces between the comma and the c=. For some reason, OpenLDAP likes this method better when being queried. I am not sure why, but I have had LDAP lookup failures when querying the server with spaces between the commas and items. Also note that the host entry allows you to use an LDAP server on another machine for PAM authentication. The base entry must match the suffix entry (Base DN) in the slapd.conf file.

imap and pop files

You will need to configure the imap and pop files in the /etc/pam.d directory so that the Cyrus IMAP server will use the pam_ldap module. Both files need to look like the following:

Example 4-7. imap & pop files

    #%PAM-1.0
    auth       required     /lib/security/pam_ldap.so
    account    required     /lib/security/pam_ldap.so
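
The following script is an added example, not part of the original document. It checks the two points made above: that the base in ldap.conf has no space next to a comma and matches the suffix in slapd.conf, and that a PAM service file loads pam_ldap.so for both auth and account. The function names and the sample DN o=Example,c=US are made up for the demonstration, and the case-insensitive comparison of base and suffix is an assumption that suits o= and c= values.

```shell
# Added example: consistency checks for the files described above.

# Print the value of the first "<key> <value>" line, skipping comments and
# stripping surrounding double quotes (slapd.conf usually quotes its suffix).
conf_value() {  # $1=key  $2=file
    awk -v k="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == k && NF > 1 {
            sub(/^[ \t]*[^ \t]+[ \t]+/, ""); sub(/[ \t]+$/, "")
            sub(/^"/, ""); sub(/"$/, "")
            print; exit
        }' "$2"
}

# Return 0 when ldap.conf has host and base, the base has no space next to
# a comma, and the base equals the slapd.conf suffix (case-insensitively).
check_ldap_conf() {  # $1=ldap.conf  $2=slapd.conf
    host=$(conf_value host "$1")
    base=$(conf_value base "$1")
    suffix=$(conf_value suffix "$2")
    rc=0
    [ -n "$host" ] || { echo "$1: no host entry"; rc=1; }
    [ -n "$base" ] || { echo "$1: no base entry"; rc=1; }
    case $base in
        *", "*|*" ,"*) echo "$1: space next to a comma in base: $base"; rc=1 ;;
    esac
    [ "$(printf %s "$base" | tr 'A-Z' 'a-z')" = \
      "$(printf %s "$suffix" | tr 'A-Z' 'a-z')" ] ||
        { echo "$1: base '$base' differs from suffix '$suffix' in $2"; rc=1; }
    return $rc
}

# Return 0 when a PAM service file loads pam_ldap.so for auth and account.
check_pam_service() {  # $1=file under /etc/pam.d
    awk '
        /^[ \t]*#/ { next }
        $0 ~ /(^|[ \t\/])pam_ldap\.so([ \t]|$)/ { seen[$1] = 1 }
        END { exit !(seen["auth"] && seen["account"]) }' "$1" ||
        { echo "$1: auth and account must both use pam_ldap.so"; return 1; }
}

# Demo on constructed sample files (o=Example,c=US is a made-up base DN).
d=$(mktemp -d)
printf 'host 127.0.0.1\nbase o=Example, c=US\n' > "$d/ldap.conf"
printf 'suffix "o=Example,c=US"\n' > "$d/slapd.conf"
printf '#%%PAM-1.0\nauth required /lib/security/pam_ldap.so\n' > "$d/imap"
check_ldap_conf "$d/ldap.conf" "$d/slapd.conf" || echo "ldap.conf needs fixing"
check_pam_service "$d/imap" || echo "imap PAM file needs fixing"
rm -rf "$d"
```

On a real system, call check_ldap_conf with /etc/ldap.conf and the path to your slapd.conf, and check_pam_service with /etc/pam.d/imap and /etc/pam.d/pop.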