pamldap

pam_ldap is a PAM (Pluggable Authentication Modules) module that enables authentication, account management, and other PAM services for UNIX-like systems against an LDAP directory. By integrating with the PAM framework, pam_ldap allows system login processes to verify user credentials and authorize access using LDAP entries.

The module operates by querying an LDAP directory for a user entry that matches the login name and attempting to bind with the provided password. If the bind succeeds, authentication proceeds; otherwise it fails. pam_ldap can be configured to connect to LDAP servers over plain or encrypted channels and to use various binding methods, such as simple bind with a bound user or direct binds. It also supports mapping between local login attributes (for example, uid) and LDAP attributes, enabling compatibility with different directory schemas.

Configuration for pam_ldap is typically done in a text-based file that specifies LDAP server locations, search bases, and attribute mappings. Common options include the LDAP URI, base DN for searches, login attribute, and, if needed, bind credentials for a proxy user. The same configuration is used by all PAM stacks that reference pam_ldap. In practice, pam_ldap is often used together with additional services such as nss-pam-ldapd or SSSD to provide system account resolution and centralized authentication and authorization.

Security considerations emphasize the use of encrypted connections (TLS/SSL), careful management of bind credentials, and appropriate access controls within the LDAP directory to prevent unauthorized access or exposure of sensitive data.

See also: OpenLDAP, PAM, NSS, nss-pam-ldapd, SSSD.
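The transport and bind-credential considerations above can be checked mechanically. The following is an added example, not part of the original page or of pam_ldap itself: a small auditor for a pam_ldap-style configuration file. It assumes the `keyword value` file format and option names of the PADL pam_ldap module (`uri`, `ssl`, `tls_checkpeer`, `bindpw`); the hostnames, DNs and password are constructed placeholders.

```python
import stat

def parse_conf(text):
    """Parse 'keyword value' lines; lines starting with '#' are comments."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit(text, mode):
    """Return findings for config `text` stored with permission bits `mode`."""
    conf = parse_conf(text)
    findings = []
    # A simple bind over ldap:// without StartTLS sends the password in cleartext.
    plain = [u for u in conf.get("uri", "").split() if u.lower().startswith("ldap://")]
    if plain and conf.get("ssl", "").lower() != "start_tls":
        findings.append("cleartext transport: %s without 'ssl start_tls'" % ", ".join(plain))
    # Encryption without certificate verification does not authenticate the server.
    if conf.get("tls_checkpeer", "").lower() == "no":
        findings.append("tls_checkpeer no: server certificate is not verified")
    # Proxy-user bind password readable beyond the file owner.
    if "bindpw" in conf and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("bindpw stored in a file readable by group or others")
    return findings

# Constructed sample configurations (all values are placeholders).
WEAK = """\
uri ldap://ldap.example.com/
base dc=example,dc=com
pam_login_attribute uid
binddn cn=proxy,dc=example,dc=com
bindpw CONSTRUCTED-PLACEHOLDER
tls_checkpeer no
"""
HARDENED = """\
# TLS from the first byte, peer verified, no proxy password in this file
uri ldaps://ldap.example.com/
base dc=example,dc=com
pam_login_attribute uid
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/ca.pem
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text, 0o644) or "no findings")
```

On a real host, pass the file's contents and `os.stat(path).st_mode` to `audit`; the path of the configuration file varies by distribution.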