[Maria-discuss] OpenLDAP & PAM authentication
![](https://secure.gravatar.com/avatar/1bbc9aed42f6291d8065e87dce9d4017.jpg?s=120&d=mm&r=g)
Hello – I am having an issue configuring openLDAP to authenticate users on an instance in RHEL (CentOS 7) MariaDB server configured with plugin-load=auth_pam.so in my /etc/pam.d/mysql: auth required pam_ldap.so account required pam_ldap.so when I try and access the server from either the localhost, or any server inside my internal network, I see the LDAP authentication happen without issue and login is fine. When I try and access the server from outside the network, on the mariadb server in /var/log/secure I see the following: Jan 19 08:32:35 mysqld: pam_ldap(mysql:auth): unexpected response from failed conversation function Jan 19 08:32:35 mysqld: pam_ldap(mysql:auth): conversation failed Jan 19 08:32:35 mysqld: pam_ldap(mysql:auth): failed to get password: Authentication token manipulation error And in my client (Cygwin) I get the following error: ERROR 2059 (HY000): Authentication plugin 'mysql_clear_password' cannot be loaded: No such file or directory However I see this plugin in the /usr/lib64/mysql/plugin directory Any idea what is going wrong with remote logins? Thanks-
![](https://secure.gravatar.com/avatar/39b623a1559cf9c69ac3d9d4fb44e7fe.jpg?s=120&d=mm&r=g)
Hi, Adam! On Jan 19, Adam Balgach wrote:
Hello –
I am having an issue configuring openLDAP to authenticate users on an instance in RHEL (CentOS 7)
MariaDB server
configured with plugin-load=auth_pam.so
in my /etc/pam.d/mysql: auth required pam_ldap.so account required pam_ldap.so
when I try and access the server from either the localhost, or any server inside my internal network, I see the LDAP authentication happen without issue and login is fine.
When I try and access the server from outside the network, on the mariadb server in /var/log/secure I see the following:
Jan 19 08:32:35 mysqld: pam_ldap(mysql:auth): unexpected response from failed conversation function Jan 19 08:32:35 mysqld: pam_ldap(mysql:auth): conversation failed Jan 19 08:32:35 mysqld: pam_ldap(mysql:auth): failed to get password: Authentication token manipulation error
And in my client (Cygwin) I get the following error:
ERROR 2059 (HY000): Authentication plugin 'mysql_clear_password' cannot be loaded: No such file or directory
However I see this plugin in the /usr/lib64/mysql/plugin directory
Do you see it on the server or on the client? It is a client plugin, it must be stored on the client side and loaded run-time by your client. Regards, Sergei Chief Architect MariaDB and security@mariadb.org
participants (2)
-
Adam Balgach
-
Sergei Golubchik