pam_ldap(8) - Man pages

dwww Home | Manual pages | Find package
pam_ldap(8)                 System Manager's Manual                 pam_ldap(8)

NAME
       pam_ldap - PAM module for LDAP-based authentication

SYNOPSIS
       pam_ldap.so [...]

DESCRIPTION
       This  is  a  PAM  module  that uses an LDAP server to verify user access
       rights and credentials.

OPTIONS
       use_first_pass
              Specifies that the PAM module should use the first password  pro-
              vided  in  the authentication stack and not prompt the user for a
              password.

       try_first_pass
              Specifies that the PAM module should use the first password  pro-
              vided  in  the  authentication stack and if that fails prompt the
              user for a password.

       nullok Specifying this option allows users to log in with a blank  pass-
              word.  Normally logins without a password are denied.

       ignore_unknown_user
              Specifies  that the PAM module should return PAM_IGNORE for users
              that are not present in the LDAP directory.  This causes the  PAM
              framework to ignore this module.

       ignore_authinfo_unavail
              Specifies that the PAM module should return PAM_IGNORE if it can-
              not  contact  the  LDAP server.  This causes the PAM framework to
              ignore this module.

       no_warn
              Specifies that warning messages should not be propagated  to  the
              PAM application.

       use_authtok
              This  causes  the PAM module to use the earlier provided password
              when changing the password. The module will not prompt  the  user
              for a new password (it is analogous to use_first_pass).

       debug  This option causes the PAM module to log debugging information to
              syslog(3).

       minimum_uid=UID
              This  option causes the PAM module to ignore the user if the user
              id is lower than the specified value. This can be used to  bypass
              LDAP checks for system users (e.g. by setting it to 1000).

MODULE SERVICES PROVIDED
       All  services are provided by this module but currently sessions changes
       are not implemented in the nslcd daemon.

FILES
       /etc/pam.conf
              the main PAM configuration file

       /etc/nslcd.conf
              The configuration file for the nslcd daemon (see nslcd.conf(5))

SEE ALSO
       pam.conf(5), nslcd(8), nslcd.conf(5)

AUTHOR
       This manual was written by Arthur de Jong <arthur@arthurdejong.org>.

Version 0.9.13                      Feb 2025                        pam_ldap(8)
Generated by dwww version 1.16 on Tue Dec 16 07:27:22 CET 2025.