Authentication Problem without anonymous bind
Hi List,
Excuse me in advance for my bad English.
I don't know if this is the right place for this question, but in any
case thanks in advance for your patience and your help.
This is my situation:
OpenLDAP 2.1.22 on Mandrake 9.1 installed from source, based on BDB 4.1.25
(also from source).
PAM modules and NSS modules are distribution-based.
Linux authentication worked fine until I changed the ACL and removed
anonymous bind from slapd.conf.
This is my current ACL section:
access to dn=".*,dc=usl11,dc=net"
        by self write
        by users read
        by * auth
From this moment on, Linux authentication fails with this message in syslog:
Jan 19 11:15:55 icaro slapd[27764]: conn=16 fd=16 ACCEPT from IP=127.0.0.1:33118 (IP=0.0.0.0:389)
Jan 19 11:15:55 icaro slapd[27773]: conn=16 op=0 BIND dn="" method=128
Jan 19 11:15:55 icaro slapd[27773]: conn=16 op=0 RESULT tag=97 err=0 text=
Jan 19 11:15:55 icaro slapd[27774]: conn=16 op=1 SRCH base="dc=usl11,dc=net" scope=2 filter="(&(objectClass=posixAccount)(uidNumber=1002))"
Jan 19 11:15:55 icaro slapd[27774]: conn=16 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Jan 19 11:15:55 icaro slapd[27774]: conn=16 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
The PAM module seems to use an anonymous bind to search the LDAP tree. How can I
change this?
The PAM module and the NSS module seem to use the /etc/ldap.conf file as their
configuration file.
My /etc/ldap.conf is:
BASE dc=usl11,dc=net
URI ldap://127.0.0.1
#binddn cn=Manager,dc=usl11,dc=net
rootbinddn cn=Manager,dc=usl11,dc=net
nss_base_passwd dc=usl11,dc=net?sub
nss_base_shadow dc=usl11,dc=net?sub
nss_base_group ou=Groups,dc=usl11,dc=net?one
ssl no
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute gid
pam_template_login_attribute uid
pam_password md5
The NSS module works fine under this setting because it uses the /etc/ldap.secret
file for the bind, but PAM doesn't seem to do the same...
If I specify the binddn directive in the ldap.conf file, it uses this dn for binding,
but I don't know how to specify a password.
I know that this problem covers PAM and Mandrake aspects more than OpenLDAP,
but thanks for any suggestion.
If someone uses another Linux distribution and/or another version of the PAM modules
and doesn't have this problem, please let me know.
Thanks for your help.
--
Roberto Morelli <r.morelli@usl11.toscana.it>
System Administrator -- Azienda U.S.L. 11 Empoli (Italy)
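As an added example (not part of the original post): a small Python check that picks out of slapd log lines exactly the pattern quoted above, an anonymous BIND (dn="") followed on the same connection by a search that returns err=0 but nentries=0, which is how a `by * auth` ACL shows up in the logs when the client searches before authenticating. The sample log lines are constructed, modelled on those in the post, and the second connection (cn=Manager bind) is assumed for contrast.

```python
import re

# Constructed sample log, modelled on the slapd lines quoted in the post;
# conn=17 is an assumed authenticated bind added for contrast.
SAMPLE_LOG = """\
Jan 19 11:15:55 icaro slapd[27764]: conn=16 fd=16 ACCEPT from IP=127.0.0.1:33118 (IP=0.0.0.0:389)
Jan 19 11:15:55 icaro slapd[27773]: conn=16 op=0 BIND dn="" method=128
Jan 19 11:15:55 icaro slapd[27773]: conn=16 op=0 RESULT tag=97 err=0 text=
Jan 19 11:15:55 icaro slapd[27774]: conn=16 op=1 SRCH base="dc=usl11,dc=net" scope=2 filter="(&(objectClass=posixAccount)(uidNumber=1002))"
Jan 19 11:15:55 icaro slapd[27774]: conn=16 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Jan 19 11:15:55 icaro slapd[27774]: conn=16 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 19 11:16:02 icaro slapd[27775]: conn=17 fd=17 ACCEPT from IP=127.0.0.1:33120 (IP=0.0.0.0:389)
Jan 19 11:16:02 icaro slapd[27775]: conn=17 op=0 BIND dn="cn=Manager,dc=usl11,dc=net" method=128
Jan 19 11:16:02 icaro slapd[27775]: conn=17 op=0 RESULT tag=97 err=0 text=
Jan 19 11:16:02 icaro slapd[27775]: conn=17 op=1 SRCH base="dc=usl11,dc=net" scope=2 filter="(&(objectClass=posixAccount)(uidNumber=1002))"
Jan 19 11:16:02 icaro slapd[27775]: conn=17 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

BIND_RE = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)"')
SRCH_RE = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)".*filter="([^"]*)"')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT .*err=(\d+) nentries=(\d+)')


def find_anonymous_empty_searches(log_text):
    """Return (conn, base, filter) for every search issued on a connection whose
    most recent BIND was anonymous and that came back err=0 with nentries=0.
    That combination is the ACL symptom from the post: slapd does not refuse
    the search, it simply hides every entry the anonymous user may not read."""
    bind_dn = {}    # conn id -> dn of the most recent BIND on that connection
    pending = {}    # (conn, op) -> (base, filter) of a SRCH awaiting its RESULT
    hits = []
    for line in log_text.splitlines():
        if m := BIND_RE.search(line):
            bind_dn[m[1]] = m[2]
        elif m := SRCH_RE.search(line):
            pending[(m[1], m[2])] = (m[3], m[4])
        elif m := RESULT_RE.search(line):
            key = (m[1], m[2])
            # A connection with no BIND at all is implicitly anonymous in LDAP,
            # so a missing entry is treated the same as dn="".
            anonymous = bind_dn.get(m[1], "") == ""
            if key in pending and anonymous and m[3] == "0" and m[4] == "0":
                base, flt = pending.pop(key)
                hits.append((m[1], base, flt))
    return hits


if __name__ == "__main__":
    for conn, base, flt in find_anonymous_empty_searches(SAMPLE_LOG):
        print(f"conn={conn}: anonymous search under {base} with {flt} returned no entries")
```

Only conn=16 is reported: the same filter on conn=17, bound as cn=Manager, returns an entry, which isolates the ACL rather than the data as the cause.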