LDAPs and PAM configuration not working

Peter Pikna, Feb 3 2026 (edited Feb 4 2026)

Hello,

I am having trouble configuring LDAPs authentication (no Kerberos).

LDAP client is Solaris 11: SunOS vdevdb 5.11 11.4.80.189.2 sun4v sparc sun4v logical-domain
As the LDAP server I have RH IDM (FreeIPA).

I can successfully bind over LDAPs using “ldapclient manual”. When I try to list domain users, it succeeds and returns the correct records from IDM.

****************************************************************

This is the proof:

solaris# cat /etc/passwd |grep test
solaris#

solaris#getent passwd test
solaris#test:x:1603000138:1603000138:test test:/home/test:/bin/bash

Even su as domain user works:

solaris#su - test
Oracle Solaris 11.4.80.189.2                     Assembled March 2025
-bash-5.2$ id
uid=1603000138 gid=1603000138

****************************************************************

But what doesn't make sense is that when I try to SSH in to that host as the ‘test’ user, it doesn't work, and it looks like the user is not known:

Feb 3 15:33:35 solaris sshd[18382]: [ID 219349 auth.debug] pam_unix_auth: user test not found
Feb 3 15:33:35 solaris sshd[18382]: [ID 126369 auth.debug] PAM_LDAP: authenticate binddn = uid=test,cn=xxx,cn=xxx,dc=xxx,dc=xxx
Feb 3 15:33:35 solaris sshd[18382]: [ID 753935 auth.debug] PAM_LDAP: __ls_ldap_auth rc=0
Feb 3 15:33:35 solaris sshd[18382]: [ID 800047 auth.error] error: PAM: No account present for user for test from IP

ls_ldap_auth rc=0 should be a success return code, so LDAPs works correctly.

****************************************************************

This is my config:

# cat /etc/nsswitch.conf

passwd: files ldap
group:  files ldap
hosts:  files dns
ipnodes:        files dns
networks:       files
protocols:      files
rpc:    files
ethers: files
netmasks:       files
bootparams:     files
publickey:      files ldap
netgroup:       ldap
automount:      files ldap
aliases:        files ldap
services:       files
project:        files ldap
auth_attr:      files ldap
prof_attr:      files ldap
tnrhtp: files ldap
tnrhdb: files ldap
sudoers:        files


# cat /etc/pam.conf

login   auth requisite  pam_authtok_get.so.1
login   auth required   pam_unix_cred.so.1
login   auth binding    pam_unix_auth.so.1 server_policy
login   auth required   pam_ldap.so.1

****************************************************************

I was searching around about this problem and found something similar in this post:

https://forums.oracle.com/ords/apexds/post/sshd-and-pam-no-account-present-for-user-but-getent-and-su-7487

I tried to set objectClass: shadowAccount on the test user as they recommend, but there was no change.

It would be great if someone could help me.
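
To line up what each PAM module logged for a single sshd process, this added example (not part of the original post) groups the auth.debug lines quoted above by PID and reports sessions where pam_ldap returned rc=0 but sshd still logged a PAM error. The function names are hypothetical, and reading rc=0 as success follows the post's own interpretation.

```python
import re
from collections import defaultdict

# Log lines copied from the post above (values were already redacted there).
SAMPLE_LOG = """\
Feb 3 15:33:35 solaris sshd[18382]: [ID 219349 auth.debug] pam_unix_auth: user test not found
Feb 3 15:33:35 solaris sshd[18382]: [ID 126369 auth.debug] PAM_LDAP: authenticate binddn = uid=test,cn=xxx,cn=xxx,dc=xxx,dc=xxx
Feb 3 15:33:35 solaris sshd[18382]: [ID 753935 auth.debug] PAM_LDAP: __ls_ldap_auth rc=0
Feb 3 15:33:35 solaris sshd[18382]: [ID 800047 auth.error] error: PAM: No account present for user for test from IP
"""

# Syslog layout as it appears in the post: timestamp, host, sshd[pid], [ID n facility.severity], message
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]+\s+\S+\s+sshd\[(?P<pid>\d+)\]:\s+"
    r"\[ID \d+ (?P<fac>\w+)\.(?P<sev>\w+)\]\s+(?P<msg>.*)$"
)
UNIX_MISS_RE = re.compile(r"^pam_unix_auth: user (\S+) not found")
LDAP_RC_RE = re.compile(r"^PAM_LDAP: __ls_ldap_auth rc=(-?\d+)")
PAM_ERR_RE = re.compile(r"^error: PAM: (.+?) for (\S+) from (\S+)$")


def summarise(log_text):
    """Collect, per sshd PID, what pam_unix_auth, pam_ldap and sshd each reported."""
    sessions = defaultdict(lambda: {"unix_miss": None, "ldap_rc": None,
                                    "pam_error": None, "user": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        s, msg = sessions[m["pid"]], m["msg"]
        if (hit := UNIX_MISS_RE.match(msg)):
            s["unix_miss"] = hit[1]
        elif (hit := LDAP_RC_RE.match(msg)):
            s["ldap_rc"] = int(hit[1])
        elif (hit := PAM_ERR_RE.match(msg)) and m["sev"] == "error":
            s["pam_error"], s["user"] = hit[1], hit[2]
    return dict(sessions)


def contradictions(log_text):
    """Sessions where pam_ldap logged rc=0 yet sshd still ended with a PAM error."""
    return {pid: s for pid, s in summarise(log_text).items()
            if s["ldap_rc"] == 0 and s["pam_error"]}


if __name__ == "__main__":
    for pid, s in contradictions(SAMPLE_LOG).items():
        print(f"sshd[{pid}] user={s['user']}: ldap rc=0, unix lookup missed "
              f"{s['unix_miss']!r}, final error: {s['pam_error']}")
```
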
