
Re: What attributes to authenticate (or) How to block the ldap tree for anonymous users



Hi Holger,

> Then I tried to login and failed. "Login incorrect".
> In my messages:
>
> slapd[5527]: slapd starting
> login[4786]: pam_ldap: ldap_search_s No such object
> login[4786]: FAILED LOGIN 1 FROM /dev/tty1 FOR UNKNOWN, User not known to
> the underlying authentication module
>


It seems that you are using ldap to log in to your system, correct? In
this case you'll also have to set it up to authenticate to your
directory with a valid user. I'm not sure how Suse does this, but in
Debian you'd set a binddn and bindpw containing a DN to bind to the
directory with and its password, respectively, in order to allow
libnss-ldap to look up user names in the database correctly. I'd advise
you to look at Suse's documentation for more information on setting
this up.

>
> If I change the last line of the ACLs to:
>        by * read
> everything works fine.

That's understandable as the system will be able to do ldap lookups
anonymously. Just look at Suse's docs on how to set its pam-ldap and
nss-ldap to authenticate to your ldap server.

-- 
Diego Lima
http://www.diegolima.org
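
The setup discussed in this message, sketched as an added example that is not part of the original post or of any distribution's shipped configuration: the server ACLs deny anonymous reads, and the client binds with a dedicated read-only account through binddn/bindpw. The example.com DNs, the nss-proxy account name and the password are constructed placeholders, and the client file's path differs between distributions.

```conf
# --- slapd.conf (server side); all DNs below are constructed placeholders ---
# Password hashes: a user may change their own; anonymous clients may only
# use the attribute to authenticate a bind, never read it.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Everything else: readable by the lookup account and by each user for their
# own entry. The final clause replaces the "by * read" fallback, so an
# anonymous search returns nothing.
access to *
    by dn.exact="cn=nss-proxy,ou=services,dc=example,dc=com" read
    by self read
    by * none

# --- client ldap.conf as read by pam_ldap / nss_ldap (path is an assumption,
# --- it varies by distribution) ---
uri    ldap://ldap.example.com/
base   dc=example,dc=com
# Account used for user and group lookups. Name lookups run as ordinary
# users, so this file is usually world-readable: give the account read
# access only and a password that is used nowhere else.
binddn cn=nss-proxy,ou=services,dc=example,dc=com
bindpw CHANGE-ME-placeholder
```

The "by anonymous auth" clause has to stay on userPassword, otherwise no client can authenticate a bind at all, including the lookup account itself.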