Re: Strange Pam-Ldap authentication issue



> Educated guess: Does the LDAP client (the PAM stuff) bind itself to the
> LDAP server? If not then can an anonymous user find the required info in
> your LDAP server?
> 

I tried this:

"ldapsearch -D anonymous uid=test-user"

And got this as a result:

uid=test-user,ou=People,dc=offthehill,dc=org
uid=test-user
cn=Josh Pollak
objectclass=account
objectclass=posixAccount
objectclass=top
objectclass=shadowAccount
shadowlastchange=11210
shadowmax=99999
shadowwarning=7
loginshell=/bin/bash
uidnumber=2000
gidnumber=2000
homedirectory=/home/test-user
gecos=Josh Pollak,,,
creatorsname=cn=admin, dc=offthehill,dc=org
createtimestamp=20001023025826Z
modifytimestamp=20001031053136Z
modifiersname=cn=admin, dc=offthehill,dc=org


I don't know if -D anonymous is actually anonymous, but I was a regular 
(non-root) user and did not have to enter a password...