pam_ldap(8) - Man pages

dwww Home | Manual pages | Find package
pam_ldap(8)                 System Manager's Manual                pam_ldap(8)

NAME
       pam_ldap - PAM module for LDAP-based authentication

SYNOPSIS
       pam_ldap.so [...]

DESCRIPTION
       This  is  a  PAM  module that uses an LDAP server to verify user access
       rights and credentials.

OPTIONS
       use_first_pass
              Specifies that the PAM module should use the first password pro-
              vided  in the authentication stack and not prompt the user for a
              password.

       try_first_pass
              Specifies that the PAM module should use the first password pro-
              vided  in  the authentication stack and if that fails prompt the
              user for a password.

       nullok Specifying this option allows users to log in with a blank pass-
              word.  Normally logins without a password are denied.

       ignore_unknown_user
              Specifies that the PAM module should return PAM_IGNORE for users
              that are not present in the LDAP directory.  This causes the PAM
              framework to ignore this module.

       ignore_authinfo_unavail
              Specifies  that  the  PAM  module should return PAM_IGNORE if it
              cannot contact the LDAP server.  This causes the  PAM  framework
              to ignore this module.

       no_warn
              Specifies  that warning messages should not be propagated to the
              PAM application.

       use_authtok
              This causes the PAM module to use the earlier provided  password
              when  changing the password. The module will not prompt the user
              for a new password (it is analogous to use_first_pass).

       debug  This option causes the PAM module to log  debugging  information
              to syslog(3).

       minimum_uid=UID
              This option causes the PAM module to ignore the user if the user
              id is lower than the specified value. This can be used to bypass
              LDAP checks for system users (e.g. by setting it to 1000).

MODULE SERVICES PROVIDED
       All services are provided by this module but currently sessions changes
       are not implemented in the nslcd daemon.

FILES
       /etc/pam.conf
              the main PAM configuration file

       /etc/nslcd.conf
              The configuration file for the nslcd daemon (see nslcd.conf(5))

SEE ALSO
       pam.conf(5), nslcd(8), nslcd.conf(5)

AUTHOR
       This manual was written by Arthur de Jong <arthur@arthurdejong.org>.

Version 0.9.12                     Nov 2021                        pam_ldap(8)
Generated by dwww version 1.15 on Thu Sep 4 15:32:24 CEST 2025.