[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: using pam binddn/bindpw w/slapd anonymous access disallowed

To: Gene Sohn <genesohn@yahoo.com>
Subject: RE: using pam binddn/bindpw w/slapd anonymous access disallowed
From: Greg Matthews <gmatt@nerc.ac.uk>
Date: 01 Jul 2003 09:24:17 +0100
Cc: openldap-software@OpenLDAP.org
In-reply-to: <KNEHLPPBIIHJNBHICFEMCEFLDCAA.genesohn@yahoo.com>
Organization: iTSS
References: <KNEHLPPBIIHJNBHICFEMCEFLDCAA.genesohn@yahoo.com>

ok...

try using rootbinddn and putting the password in /etc/ldap.secret or
wherever pam_ldap/nss_ldap was configured to find it. I *think* that
pam_ldap is 'effective user root' and so needs this for binding rather
than the general binddn.

I'm sure someone on this list will let you know if I'm wrong about this.

GREG

On Mon, 2003-06-30 at 20:25, Gene Sohn wrote:
> Hi Greg,
> 
> Thanks for the reply!
> 
> I don't believe this is an issue for me as I don't believe autofs
> participates in the pipeline of calls I'm troubleshooting.  Simply put, I'm
> trying to get pam_ldap to pass binddn and binddw to the ldap server for
> login/authentication calls so that pam uses a non-anonymous user to get
> password information.  This way I can secure anonymous access to the LDAP
> server.
> 
> In fact, if I decide not to care about this issue, my setup works.  I just
> happen to care about security in this case, since I want to be able to query
> my ldap server directly if need be from anywhere.
> 
> Thanks,
> 
> Gene
> 

-- 
Greg Matthews
iTSS Wallingford	01491 692445

Follow-Ups:
- RE: using pam binddn/bindpw w/slapd anonymous access disallowed
  - From: "Gene Sohn" <genesohn@yahoo.com>

Prev by Date: Re: LDAP Filter : works with full value, but not with part_of_value*
Next by Date: Retriving new uids
Index(es):
- Chronological
- Thread