
Authentication Problem without anonymous bind



Hi List,
Excuse my bad English in advance.

I don't know if this is the right place for this question, but in any case
thanks in advance for your patience and your help.

This is my situation:
OpenLDAP 2.1.22 on Mandrake 9.1, installed from source, built on BDB 4.1.25
(likewise from source).
The PAM and NSS modules are the distribution's packages.

Linux authentication worked fine until I changed the ACL and removed the
anonymous bind from slapd.conf.

This is my current ACL section:

access to dn=".*,dc=usl11,dc=net"
        by self write
        by users read
        by * auth

From that moment on, Linux authentication fails with these messages in syslog:

Jan 19 11:15:55 icaro slapd[27764]: conn=16 fd=16 ACCEPT from IP=127.0.0.1:33118 (IP=0.0.0.0:389)
Jan 19 11:15:55 icaro slapd[27773]: conn=16 op=0 BIND dn="" method=128
Jan 19 11:15:55 icaro slapd[27773]: conn=16 op=0 RESULT tag=97 err=0 text=
Jan 19 11:15:55 icaro slapd[27774]: conn=16 op=1 SRCH base="dc=usl11,dc=net" scope=2 filter="(&(objectClass=posixAccount)(uidNumber=1002))"
Jan 19 11:15:55 icaro slapd[27774]: conn=16 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Jan 19 11:15:55 icaro slapd[27774]: conn=16 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=

The PAM module seems to use an anonymous bind to search the LDAP tree. How can I
change this?
The PAM module and the NSS module seem to use the /etc/ldap.conf file as their
configuration file.

My /etc/ldap.conf is:

BASE    dc=usl11,dc=net
URI     ldap://127.0.0.1
#binddn cn=Manager,dc=usl11,dc=net
rootbinddn cn=Manager,dc=usl11,dc=net

nss_base_passwd         dc=usl11,dc=net?sub
nss_base_shadow         dc=usl11,dc=net?sub
nss_base_group          ou=Groups,dc=usl11,dc=net?one

ssl no
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute gid
pam_template_login_attribute uid
pam_password md5


The NSS module works fine under this setting because it uses the /etc/ldap.secret
file for the bind, but PAM doesn't seem to do the same...
If I specify the binddn directive in the ldap.conf file, it uses this DN for
binding, but I don't know how to specify a password.

I know that this problem concerns PAM and Mandrake more than OpenLDAP, but
thanks for any suggestion.
If someone uses another Linux distribution and/or another version of the PAM
modules and doesn't have this problem, please let me know.

Thanks for your help.

-- 
Roberto Morelli <r.morelli@usl11.toscana.it>
System Administrator -- Azienda U.S.L. 11 Empoli (Italy)
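The slapd log above is the key diagnostic: the connection binds as dn="" (anonymous, simple bind, method=128), the search succeeds (err=0), and nentries=0. With an ACL that grants anonymous only "auth", slapd does not answer insufficientAccess; it silently filters every entry out, so the NSS/PAM client concludes that the account does not exist. The following script is an added example, not code from the poster or from the OpenLDAP project. It correlates BIND, SRCH and SEARCH RESULT lines per connection and flags searches that ran on an anonymous connection and came back empty. The log text embedded in it is constructed for the example: conn=16 is the poster's trace rejoined onto single lines, and conn=17, a search on a connection bound as cn=Manager that returns one entry, is invented to show the contrast.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample log (not a live capture): conn=16 mirrors the poster's
# trace; conn=17 is an invented bound search that finds the same user.
SAMPLE_LOG = """\
Jan 19 11:15:55 icaro slapd[27764]: conn=16 fd=16 ACCEPT from IP=127.0.0.1:33118 (IP=0.0.0.0:389)
Jan 19 11:15:55 icaro slapd[27773]: conn=16 op=0 BIND dn="" method=128
Jan 19 11:15:55 icaro slapd[27773]: conn=16 op=0 RESULT tag=97 err=0 text=
Jan 19 11:15:55 icaro slapd[27774]: conn=16 op=1 SRCH base="dc=usl11,dc=net" scope=2 filter="(&(objectClass=posixAccount)(uidNumber=1002))"
Jan 19 11:15:55 icaro slapd[27774]: conn=16 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 19 11:16:02 icaro slapd[27775]: conn=17 fd=17 ACCEPT from IP=127.0.0.1:33119 (IP=0.0.0.0:389)
Jan 19 11:16:02 icaro slapd[27775]: conn=17 op=0 BIND dn="cn=Manager,dc=usl11,dc=net" method=128
Jan 19 11:16:02 icaro slapd[27775]: conn=17 op=0 RESULT tag=97 err=0 text=
Jan 19 11:16:02 icaro slapd[27775]: conn=17 op=1 SRCH base="dc=usl11,dc=net" scope=2 filter="(&(objectClass=posixAccount)(uidNumber=1002))"
Jan 19 11:16:02 icaro slapd[27775]: conn=17 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

# slapd "stats" loglevel line shapes; tag=97 is a BindResponse, tag=101 a SearchResultDone.
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
BIND_RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')
SRCH_RE = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=(\d+) filter="([^"]*)"')
SRCH_RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT tag=101 err=(\d+) nentries=(\d+)')


def parse_slapd_log(text: str) -> List[dict]:
    """Return one record per completed search, tagged with the DN the
    connection had successfully bound as when the search was issued.
    An empty bind_dn means the connection was anonymous."""
    bound_as: Dict[str, str] = {}                    # conn -> DN of last successful BIND
    pending_bind: Dict[Tuple[str, str], str] = {}    # (conn, op) -> DN awaiting its RESULT
    pending_srch: Dict[Tuple[str, str], dict] = {}   # (conn, op) -> search awaiting its RESULT
    records: List[dict] = []

    for line in text.splitlines():
        m = BIND_RE.search(line)
        if m:
            conn, op, dn, _method = m.groups()
            pending_bind[(conn, op)] = dn
            continue
        m = BIND_RESULT_RE.search(line)
        if m:
            conn, op, err = m.groups()
            dn = pending_bind.pop((conn, op), None)
            if dn is not None and err == "0":
                bound_as[conn] = dn      # an anonymous bind records "" explicitly
            continue
        m = SRCH_RE.search(line)
        if m:
            conn, op, base, scope, flt = m.groups()
            pending_srch[(conn, op)] = {
                "conn": conn, "op": op, "base": base, "scope": int(scope),
                "filter": flt, "bind_dn": bound_as.get(conn, ""),
            }
            continue
        m = SRCH_RESULT_RE.search(line)
        if m:
            conn, op, err, nentries = m.groups()
            rec = pending_srch.pop((conn, op), None)
            if rec is not None:
                rec["err"] = int(err)
                rec["nentries"] = int(nentries)
                records.append(rec)
    return records


def anonymous_empty_searches(records: List[dict]) -> List[dict]:
    """Searches issued on an anonymous connection that succeeded (err=0) yet
    returned no entries: the signature of an ACL that hides the tree from
    anonymous clients instead of refusing them."""
    return [r for r in records
            if r["bind_dn"] == "" and r["err"] == 0 and r["nentries"] == 0]


if __name__ == "__main__":
    for r in anonymous_empty_searches(parse_slapd_log(SAMPLE_LOG)):
        print(f"conn={r['conn']} op={r['op']}: anonymous search {r['filter']} "
              f"under {r['base']} returned 0 entries (ACL hides entries from anonymous)")
```

Run it against a real slapd log (loglevel 256, "stats") by reading the file into parse_slapd_log instead of SAMPLE_LOG. A connection that binds as a real DN and gets nentries=1 for the same filter, as the constructed conn=17 does, is the positive control: if the bound search also returns nothing, the problem is the filter or base, not the ACL.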