I am testing a pam_ldap implementation with a C++ application. I configured ldap and pam_ldap to authenticate against an OpenLDAP server running on the same host. I created a user for testing, and ldapwhoami
works as follows:
ldapwhoami -vvv -D cn=carlosp,cn=users-group,ou=users,dc=example,dc=org -x -w xxxx
returns
ldap_initialize( <DEFAULT> )
dn:cn=carlosp,cn=users-group,ou=users,dc=example,dc=org
Result: Success (0)
but my application cannot authenticate the same user with
retval = pam_start("testpam", user, &conv, &pamh);
retval = pam_authenticate(pamh, 0);
The relevant messages are:
nslcd: [8b4567] <authc="carlosp"> DEBUG: nslcd_pam_authc("carlosp","testpam","***")
nslcd: [8b4567] <authc="carlosp"> DEBUG: myldap_search(base="dc=example,dc=org", filter="(&(objectClass=posixAccount)(uid=carlosp))")
nslcd: [8b4567] <authc="carlosp"> DEBUG: ldap_initialize(ldap://127.0.0.1/)
nslcd: [8b4567] <authc="carlosp"> DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] <authc="carlosp"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] <authc="carlosp"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] <authc="carlosp"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [8b4567] <authc="carlosp"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [8b4567] <authc="carlosp"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [8b4567] <authc="carlosp"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] <authc="carlosp"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] <authc="carlosp"> DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://127.0.0.1/")
nslcd: [8b4567] <authc="carlosp"> ldap_result() failed: No such object
nslcd: [8b4567] <authc="carlosp"> DEBUG: "carlosp": user not found: No such object
My configuration files:
cat /etc/pam.d/testpam
auth required /usr/lib/x86_64-linux-gnu/security/pam_ldap.so debug
account required /usr/lib/x86_64-linux-gnu/security/pam_ldap.so debug
password required /usr/lib/x86_64-linux-gnu/security/pam_ldap.so debug
session required /usr/lib/x86_64-linux-gnu/security/pam_ldap.so debug
cat /etc/pam_ldap.conf
host 127.0.0.1
base dc=example,dc=org
uri ldap://127.0.0.1/
ldap_version 3
rootbinddn cn=admin,dc=example,dc=org
pam_login_attribute dn
pam_password clear
cat /etc/nslcd.conf
id nslcd
gid nslcd
# The location at which the LDAP server(s) should be reachable.
uri ldap://127.0.0.1/
# The search base that will be used for all queries.
base dc=example,dc=org
# The LDAP protocol version to use.
#ldap_version 3
# The DN to bind with for normal lookups.
#binddn cn=annonymous,dc=example,dc=net
#bindpw secret
# The DN used for password modifications by root.
#rootpwmoddn cn=admin,dc=example,dc=com
# SSL options
#ssl off
#tls_reqcert never
tls_cacertfile /etc/ssl/certs/ca-certificates.crt
/etc/nsswitch.conf
passwd: files systemd ldap
group: files systemd ldap
shadow: files ldap
gshadow: files ldap
hosts: files mdns4_minimal [NOTFOUND=return] dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
Does anyone know why ldapwhoami works but pam_authenticate fails?
Answer 1
In the output of ldapwhoami you see dn:cn=carlosp,cn=users-group,ou=users,dc=example,dc=org
, but in the log you showed I see nslcd: [8b4567] <authc="carlosp"> DEBUG: myldap_search(base="dc=example,dc=org", filter="(&(objectClass=posixAccount)(uid=carlosp))")
The filter is on "uid", not "cn".
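As an added example (not part of the question or of the answer above): the nslcd debug lines show the lookup is done with an anonymous simple bind (ldap_simple_bind_s(NULL,NULL)) and the filter (&(objectClass=posixAccount)(uid=carlosp)), so the entry must carry an objectClass of posixAccount and a uid attribute equal to the login name, otherwise nslcd reports "user not found" before any password is checked. The script below reproduces that search with ldapsearch and checks an LDIF entry against the same two conditions. Both LDIF entries are constructed for illustration; that the asker's real entry lacks uid and posixAccount is an assumption to be confirmed with the ldapsearch call.

```shell
#!/bin/sh
# Added example, not from the original post. Reproduces the search nslcd
# logged and checks an LDIF entry against the two conditions in its filter.

# Filter exactly as it appears in the nslcd debug line of the question.
NSLCD_FILTER='(&(objectClass=posixAccount)(uid=carlosp))'

# Same search as nslcd ran: anonymous simple bind (-x with no -D), same base,
# same filter. Needs ldap-utils and the server from the question; an empty
# result is exactly what nslcd turns into "user not found".
reproduce_nslcd_search() {
    ldapsearch -x -H ldap://127.0.0.1/ -b dc=example,dc=org \
        "$NSLCD_FILTER" dn uid objectClass
}

# Read one LDIF entry from stdin and test it against the filter's two
# conditions: objectClass posixAccount and uid equal to the login name.
# Exit status 0 = would match, 1 = nslcd would report "user not found".
entry_matches_nslcd_filter() {
    login="$1"
    ldif=$(cat)
    printf '%s\n' "$ldif" | grep -qi '^objectClass: posixAccount$' || return 1
    printf '%s\n' "$ldif" | grep -qi "^uid: ${login}\$" || return 1
    return 0
}

# Wrapper that prints "match" or "nomatch" for a login name and an LDIF string.
check_entry() {
    if printf '%s\n' "$2" | entry_matches_nslcd_filter "$1"; then
        echo match
    else
        echo nomatch
    fi
}

# Constructed LDIF (an assumption, not fetched from the server): an entry with
# the DN ldapwhoami returned but no uid attribute and no posixAccount class.
BROKEN_ENTRY='dn: cn=carlosp,cn=users-group,ou=users,dc=example,dc=org
objectClass: inetOrgPerson
cn: carlosp
sn: carlosp
userPassword: xxxx'

# Constructed LDIF for the same DN with the attributes posixAccount requires
# (uid, uidNumber, gidNumber, homeDirectory) so the nslcd filter matches.
FIXED_ENTRY='dn: cn=carlosp,cn=users-group,ou=users,dc=example,dc=org
objectClass: inetOrgPerson
objectClass: posixAccount
cn: carlosp
sn: carlosp
uid: carlosp
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/carlosp
userPassword: xxxx'

# Usage (stand-alone): print the verdict for both constructed entries.
# Against the live server from the question, run: reproduce_nslcd_search
echo "broken entry: $(check_entry carlosp "$BROKEN_ENTRY")"
echo "fixed entry:  $(check_entry carlosp "$FIXED_ENTRY")"
```

Two notes on the design. First, because the log comes from nslcd, the pam_ldap.so in use is the one shipped with nss-pam-ldapd, which delegates the lookup to nslcd; the pam_login_attribute dn line in /etc/pam_ldap.conf is a directive of PADL's pam_ldap and does not control the search nslcd performs. Second, if the login name should stay the cn rather than adding a uid attribute, the same effect can be had in /etc/nslcd.conf with the map and filter directives, for example map passwd uid cn together with a filter passwd line that matches the entry's actual objectClass; either way the anonymous bind must be allowed to read the entry, which the ldapsearch call above verifies.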