
RE: using pam binddn/bindpw w/slapd anonymous access disallowed



Hmmm.  I already have a rootbinddn/ldap.secret set up.  I'm pretty sure I
tested the situation where it could be attempting to connect using the
rootbinddn as the effective user for binding, and it has definitely failed
to work with this assumption.

Do you know of any way to "peek" at what pam_ldap is actually sending over
to the ldap server?

Gene

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Greg Matthews
> Sent: Tuesday, July 01, 2003 4:24 AM
> To: Gene Sohn
> Cc: openldap-software@OpenLDAP.org
> Subject: RE: using pam binddn/bindpw w/slapd anonymous access disallowed
>
>
> ok...
>
> try using rootbinddn and putting the password in /etc/ldap.secret or
> wherever pam_ldap/nss_ldap was configured to find it. I *think* that
> pam_ldap is 'effective user root' and so needs this for binding rather
> than the general binddn.
>
> I'm sure someone on this list will let you know if I'm wrong about this.
>
> GREG
>
> On Mon, 2003-06-30 at 20:25, Gene Sohn wrote:
> > Hi Greg,
> >
> > Thanks for the reply!
> >
> > I don't believe this is an issue for me as I don't believe autofs
> > participates in the pipeline of calls I'm troubleshooting.  Simply put, I'm
> > trying to get pam_ldap to pass binddn and bindpw to the ldap server for
> > login/authentication calls so that pam uses a non-anonymous user to get
> > password information.  This way I can secure anonymous access to the LDAP
> > server.
> >
> > In fact, if I decide not to care about this issue, my setup works.  I just
> > happen to care about security in this case, since I want to be able to query
> > my ldap server directly if need be from anywhere.
> >
> > Thanks,
> >
> > Gene
> >
>
> --
> Greg Matthews
> iTSS Wallingford	01491 692445