pam_ldap authentication
Think I may have a problem with either pam_ldap configuration or
ACLs. When I try to log in from a RedHat Linux 7.1 system it will say the
user doesn't exist. Running openldap in ACL debug mode (-d 128) shows
that the linux system is trying to do a search of posixAccount instead of
trying an auth vs. the password. Since the linux client hasn't bound yet
it's doing this as anonymous. If I give search access to anonymous it
will still fail. This time it first searches the account object then
reads all its fields, again as anonymous. If I give read access to
anonymous then it searches the object, reads it, then asks for password on
the client and tries to bind as the user.
I can get around it by using the ldap.secret and specifying a
non-anonymous user as the default dn in ldap.conf but is this the way it's
supposed to work? Either specify a user in the ldap.conf file or give
read access by *? And if not what are the minimum ACLs needed by
pam_ldap? Sorry if this is more suited to a list at padl, figured someone
here would have covered configuration of pam_ldap with openldap before.
Thanks,
Todd
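As an added example (not part of Todd's post or of the pam_ldap/OpenLDAP projects), here is a slapd.conf ACL set that covers the three-step flow he observes (anonymous search for the posixAccount, anonymous read of its attributes, then a bind as the user) while never exposing the password hash; the suffix and the `ou=People` container are assumed.

```conf
# Added example, not from the original post. Assumes the accounts live
# under ou=People,dc=example,dc=com (placeholder suffix).
#
# ACLs are evaluated in order and the first "access to" clause that matches
# wins, so the userPassword rule must come before the catch-all below.
#
# "auth" lets a client bind (compare the password during the bind) without
# being able to read or search the attribute, which is exactly what the
# final step of the pam_ldap flow needs. Anonymous can bind with it, the
# user can change their own password, and nobody can read the hash.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# The earlier steps (search for uid=<user>, objectClass=posixAccount, then
# read uidNumber, gidNumber, homeDirectory, loginShell, ...) run before the
# client has bound, so they happen as anonymous and need read access to the
# rest of the entry. Read implies search and compare in OpenLDAP.
access to dn=".*,ou=People,dc=example,dc=com"
        by * read

# Everything else stays closed to anonymous clients.
access to *
        by * none
```

If exposing the account attributes to anonymous readers is not acceptable, the alternative is the one described in the post: set a non-anonymous `binddn` (with its password in ldap.secret) in the client's ldap.conf and replace `by * read` above with `by dn="<that binddn>" read`, keeping `by anonymous auth` on userPassword so the final user bind still works.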