# LDAP Error: ldap_search_s No such object [solved]

## eunuque

Hi all,

I've followed the "Gentoo Guide to OpenLDAP Authentication", 

http://www.gentoo.org/doc/en/ldap-howto.xml

But at the end the getent passwd|grep 0:0 command returned me a single line. So I tried to keep things simple...

I emerged openldap, migrationtools, pam_ldap, and nss_ldap (my USE flag contains ldap and pam).

The versions I use are:

openldap-2.1.30-r4

migrationtools-46

pam-0.77-r4

pam_ldap-176

nss_ldap-226

My configuration is the following:

/etc/openldap/slapd.conf:

```
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema

#######################################################################
# ldbm database definitions
#######################################################################

database        ldbm
suffix          "dc=shacknet,dc=nu"
rootdn          "cn=Manager,dc=shacknet,dc=nu"
rootpw          secret
directory       /var/lib/openldap-ldbm

# Indices to maintain
index   objectClass     eq
```

/etc/ldap.conf:

```
BASE         dc=shacknet, dc=nu
URI            ldap://dieu.shacknet.nu
```

/etc/pam.d/system-auth:

```
auth       required        /lib/security/pam_env.so
auth       sufficient  /lib/security/pam_ldap.so use_first_pass
auth       sufficient  /lib/security/pam_unix.so likeauth nullok nodelay
auth       required        /lib/security/pam_deny.so

account    sufficient  /lib/security/pam_unix.so
account    sufficient  /lib/security/pam_ldap.so
account    required        /lib/security/pam_deny.so

password   required        /lib/security/pam_cracklib.so retry=3
password   sufficient  /lib/security/pam_unix.so nullok md5 shadow use_authtok
password   sufficient  /lib/security/pam_ldap.so use_authtok
password   required        /lib/security/pam_deny.so

session    required        /lib/security/pam_limits.so
session    required        /lib/security/pam_unix.so
session    required    /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0
session    optional    /lib/security/pam_ldap.so
```

/etc/nsswitch.conf:

```
passwd:         files ldap
group:          files ldap
shadow:         files ldap

hosts:       files dns
networks:    files dns

services:    db files
protocols:   db files
rpc:         db files
ethers:      db files
netmasks:    files
netgroup:    files
bootparams:  files

automount:   files
aliases:     files
```

I used migrationtools to convert my system info into the LDAP database.

When logging in, LDAP says (auth.log):

pam_ldap: ldap_search_s No such object

However, ldapsearch -x 'uid=myuser' gives my correct info...

Any help?

Last edited by eunuque on Mon Jan 17, 2005 6:13 pm; edited 1 time in total

----------

## UberLord

/etc/ldap.conf needs a little more info

```
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute gidNumber

nss_base_passwd dc=development,dc=ltl?sub
nss_base_shadow dc=development,dc=ltl?sub
nss_base_group  ou=Groups,dc=development,dc=ltl?one
```

----------

## eunuque

Thanks!!!

I added the following lines in /etc/ldap.conf:

```
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute gidNumber

nss_base_passwd dc=shacknet,dc=nu
nss_base_shadow dc=shacknet,dc=nu
nss_base_group  ou=Groups,dc=shacknet,dc=nu
```

And now it works.
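An offline check related to the change above, as an added example that is not part of the original thread: an LDAP server answers a search with "No such object" (result code 32) when the search base does not exist, so this sketch parses the `base` and `nss_base_*` lines of /etc/ldap.conf and reports any DN that falls outside the slapd `suffix`. The function names and both sample configurations are constructed for illustration, and nothing here contacts a server, so a base inside the suffix that has no entry still needs an ldapsearch to confirm.

```python
SCOPES = {"base", "one", "sub"}

def norm_dn(dn):
    """Lower-case a DN and trim spaces around RDNs (escaped commas not handled)."""
    return ",".join(part.strip().lower() for part in dn.strip().split(","))

def parse_ldap_conf(text):
    """Return (default base or None, {directive: (dn, scope)}) from ldap.conf text."""
    base, maps = None, {}
    for line in text.splitlines():
        fields = line.strip().split(None, 1)
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        key, value = fields[0].lower(), fields[1].strip()  # assumption: keys are case-insensitive
        if key == "base":
            base = norm_dn(value)
        elif key.startswith("nss_base_"):
            dn, _, rest = value.partition("?")  # value syntax: base?scope?filter
            maps[key] = (dn.strip(), rest.split("?", 1)[0] or "sub")
    # A DN ending in "," is relative: nss_ldap appends the default base to it.
    resolved = {k: (norm_dn(dn + (base or "") if dn.endswith(",") else dn), s)
                for k, (dn, s) in maps.items()}
    return base, resolved

def check_bases(conf_text, suffix):
    """Return [(directive, dn, problem)] for search bases that cannot lie under suffix."""
    suffix = norm_dn(suffix)
    base, maps = parse_ldap_conf(conf_text)
    entries = ([("base", (base, "sub"))] if base else []) + sorted(maps.items())
    findings = []
    for key, (dn, scope) in entries:
        if dn != suffix and not dn.endswith("," + suffix):
            findings.append((key, dn, "outside suffix"))
        elif scope not in SCOPES:
            findings.append((key, dn, "unknown scope " + scope))
    return findings

# Constructed samples: the suffix from the slapd.conf in the question, the answer's
# nss_base_* lines pasted unchanged, and the lines adapted to that suffix.
SUFFIX = "dc=shacknet,dc=nu"
PASTED = ("BASE dc=shacknet, dc=nu\n"
          "nss_base_passwd dc=development,dc=ltl?sub\n"
          "nss_base_group  ou=Groups,dc=development,dc=ltl?one\n")
ADAPTED = ("BASE dc=shacknet, dc=nu\n"
           "nss_base_passwd dc=shacknet,dc=nu\n"
           "nss_base_group  ou=Groups,dc=shacknet,dc=nu\n")

if __name__ == "__main__":
    for name, text in (("pasted", PASTED), ("adapted", ADAPTED)):
        print(name, check_bases(text, SUFFIX))
```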

----------

## eunuque

Also note that my default /etc/pam.d/sshd configuration file did NOT work with LDAP.

Here is the line I added:

```
#%PAM-1.0

auth       required     pam_nologin.so
# LINE ADDED (next line):
auth       sufficient   pam_ldap.so
auth       required     pam_stack.so service=system-auth
auth       required     pam_shells.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
```

----------

