Re: What attributes to authenticate (or) How to block the ldap tree for anonymous users
Hi Holger,
> Then I tried to login and failed. "Login incorrect".
> In my messages:
>
> slapd[5527]: slapd starting
> login[4786]: pam_ldap: ldap_search_s No such object
> login[4786]: FAILED LOGIN 1 FROM /dev/tty1 FOR UNKNOWN, User not known to
> the underlying authentication module
>
It seems that you are using ldap to log in to your system, correct? In
this case you'll also have to set it up to authenticate to your
directory with a valid user. I'm not sure how Suse does this, but in
Debian you'd set a binddn and bindpw containing a DN to bind to the
directory with and its password, respectively, in order to allow
libnss-ldap to look up user names in the database correctly. I'd advise
you to look at Suse's documentation for more information on setting
this up.
>
> If I change the last line of the ACLs to:
> by * read
> everything works fine.
That's understandable as the system will be able to do ldap lookups
anonymously. Just look at Suse's docs on how to set its pam-ldap and
nss-ldap to authenticate to your ldap server.
--
Diego Lima
http://www.diegolima.org
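
The setup discussed in the message above, as an added configuration example that is not part of the original thread: the client binds with a dedicated read-only account through binddn/bindpw, and the server ACL grants read access to that DN instead of to everyone. The DNs, host name and password placeholder are assumptions, and the client file name varies by distribution.

```conf
# --- Server side: slapd.conf access rules ---------------------------------
# Weak form from the thread: the last "by" clause lets anonymous clients
# read the whole tree.
#   access to *
#       by * read

# Restricted form. Passwords can be used for binding but never read back.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Everything else: readable by the lookup account (hypothetical DN) and by
# each user for their own entry. "by anonymous auth" is still needed here
# because a simple bind requires auth access to the entry itself, not only
# to userPassword.
access to *
    by dn.exact="cn=nssproxy,ou=services,dc=example,dc=com" read
    by self read
    by anonymous auth
    by * none

# --- Client side: pam_ldap / nss_ldap configuration file ------------------
# (file name differs between distributions; values below are assumptions)
uri    ldap://ldap.example.com/
base   dc=example,dc=com

# Account used for user and group lookups before the user has authenticated.
binddn cn=nssproxy,ou=services,dc=example,dc=com
bindpw REPLACE_WITH_PROXY_PASSWORD
```

The lookup account only needs read access, so it should not be the rootdn or any DN with write privileges.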