IT Process Automation

Expand all | Collapse all

PAM process to access ldap users

  • 1.  PAM process to access ldap users

    Posted 04-10-2018 08:36 AM

    I´m creating a PAM process to get information of ldap users.

    I´m using and default operator that consults LDAP server.

    Because my PAM server has no access to LDAP, I installed a PAM agent in the machine that hosts EEM(that is configured to use AD)

    When I try to run my PAM process pointing to the agent machine, I receive the following error:

    Authentication with the LDAP server failed. [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1]

    But my user/password are correct because I´m able to login to other CA Apps, like USS that is pointing to EEM server.



  • 2.  Re: PAM process to access ldap users

    Posted 04-10-2018 10:03 AM

    Hi, does your EEM server has two network cards?

    How can EEM connect do AD and pam cannot?

    Have you tried to replicate the eem configuration that is used to connect to ldap in your operator?



  • 3.  Re: PAM process to access ldap users

    Posted 04-10-2018 10:15 AM

    No, my EEM has only one network card

    For Q2 I dont know why

    Yes, I tryed to use the same EEM configuration in operator.



  • 4.  Re: PAM process to access ldap users

    Posted 04-10-2018 10:29 AM


  • 5.  Re: PAM process to access ldap users

    Posted 04-10-2018 11:14 AM

    I followed this document and it worked



  • 6.  Re: PAM process to access ldap users

    Posted 04-10-2018 11:30 AM

    Paulo - fantastic, glad this resolved it for you!



  • 7.  Re: PAM process to access ldap users

    Posted 04-10-2018 11:42 AM

    One more question about pam ldap operator.

    Now that I can search in ldap, I want to search only users where the LDAP mail field is not null.

    Where can I do that?

    I tryed this in operator search field:

    "(!mail=" + "null" + ")"

    But returned The Search Filter: (!mail=null) is invalid. Unbalanced parenthesis



  • 8.  Re: PAM process to access ldap users

    Posted 04-10-2018 01:08 PM

    (&(objectCategory=person)(objectClass=user)(mail=*))