Uploaded image for project: 'Red Hat Directory Server'
  1. Red Hat Directory Server
  2. DIRSRV-80

dsconf 'base' PAM Pass Through Auth dn: not working

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • dirsrv-12.6
    • dirsrv-11.8
    • 389-ds-base
    • None
    • rhel-sst-idm-ds
    • 0
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None

      Description of problem:
      dsconf 'base' PAM Pass Through Auth dn: not working

      Version-Release number of selected component (if applicable):
      389-ds-base-1.4.3.35-2.module+el8.8.0+19693+b24f535c.x86_64

      How reproducible:
      Always

      Steps to Reproduce:
      1. dsconf corpldap plugin pam-pass-through-auth config 'PAM Pass Through Auth' set --filter="(&(Unable to render embedded object: File ((uid=newrelicmon))() not found.(uid=bugzilla))(Unable to render embedded object: File ((uid=applmgr))() not found.(userPassword=*)))"
      Error: No object exists given the filter criteria: PAM Pass Through Auth (&(&(objectclass=top)(objectclass=extensibleObject)(objectclass=nsslapdplugin)(objectclass=pamConfig))(|(cn=PAM Pass Through Auth)))

      Actual results:
      Fail

      Expected results:
      Work

      Additional info:

      Here are the comments from the customer.


      I can set the configuration for the 2FA PAM PTA Config dn using the below command:
      [root@dev-frac1 ~]# dsconf corpldap plugin pam-pass-through-auth config '2FA PAM PTA Config' set --filter="(&(Unable to render embedded object: File ((uid=newrelicmon))() not found.(uid=bugzilla))(Unable to render embedded object: File ((uid=applmgr))() not found.(userPassword=*)))"
      Successfully changed the cn=2FA PAM PTA Config,cn=PAM Pass Through Auth,cn=plugins,cn=config

      However, I am unable to do the same for the 'base' PAM Pass Through Auth dn:
      [root@dev-frac1 ~]# dsconf corpldap plugin pam-pass-through-auth config 'PAM Pass Through Auth' set --filter="(&(Unable to render embedded object: File ((uid=newrelicmon))() not found.(uid=bugzilla))(Unable to render embedded object: File ((uid=applmgr))() not found.(userPassword=*)))"
      Error: No object exists given the filter criteria: PAM Pass Through Auth (&(&(objectclass=top)(objectclass=extensibleObject)(objectclass=nsslapdplugin)(objectclass=pamConfig))(|(cn=PAM Pass Through Auth)))

      I suspect it might be syntax, but my several attempts have proven unsuccessful. The RHDS11 docs [1] seem to be inaccurate as well as they reference commands that worked in RHDS10, but not RHDS11. (e.g. 'plugin pass-through-auth pam-config' worked in RHDS10, but in RHDS11 it seems to be 'plugin pam-pass-through-auth config')

      I did test out renaming the 'base' PAM plugin:
      dn: cn=Default PAM PTA Config,cn=PAM Pass Through Auth,cn=plugins,cn=config
      objectClass: top
      objectClass: nsSlapdPlugin
      objectClass: extensibleObject
      objectClass: pamConfig
      cn: Default PAM PTA Config
      [...]

      And it then allows me to modify the config via dsconf:
      [root@dev-frac2 ~]# dsconf corpldap plugin pam-pass-through-auth config "Default PAM PTA Config" set --filter="(&(Unable to render embedded object: File ((uid=newrelicmon))() not found.(uid=bugzilla))(!(uid=applmgr)))"
      Successfully changed the cn=Default PAM PTA Config,cn=PAM Pass Through Auth,cn=plugins,cn=config

              idm-ds-dev-bugs IdM DS Dev
              rhn-support-ekeck Eugene Keck
              IdM DS QE IdM DS QE
              Evgenia Martyniuk Evgenia Martyniuk
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: