[Date Prev][Date Next] [Chronological] [Thread] [Top]

Authentication Problem without anonymous bind

To: <openldap-software@OpenLDAP.org>
Subject: Authentication Problem without anonymous bind
From: "Roberto Morelli" <r.morelli@usl11.toscana.it>
Date: Mon, 19 Jan 2004 12:07:53 +0100

Hi List,
excuse in advance for my bad english

I don't know if this is the right place for this question but ....in every
case thanks in advance for your patience and your help.

This is my situation:
OpenLDAP 2.1.22 on Mandrake 9.1 installed from source based on BDB 4.1.25
(idem from source....).
PAM modules and NNS modules distribution-based....

Authentication Linux works fine until I have changed ACL and I have removed
anonymous bind from slapd.conf

This is my actually ACL section:

access to dn=".*,dc=usl11,dc=net"
	by self write
by users read
by * auth

>From this moment Authentication Linux fails with this message in syslog

Jan 19 11:15:55 icaro slapd[27764]: conn=16 fd=16 ACCEPT from
IP=127.0.0.1:33118
 (IP=0.0.0.0:389)
Jan 19 11:15:55 icaro slapd[27773]: conn=16 op=0 BIND dn="" method=128
Jan 19 11:15:55 icaro slapd[27773]: conn=16 op=0 RESULT tag=97 err=0 text=
Jan 19 11:15:55 icaro slapd[27774]: conn=16 op=1 SRCH base="dc=usl11,dc=net"
sco
pe=2 filter="(&(objectClass=posixAccount)(uidNumber=1002))"
Jan 19 11:15:55 icaro slapd[27774]: conn=16 op=1 SRCH attr=uid userPassword
uidN
umber gidNumber cn homeDirectory loginShell gecos description objectClass
Jan 19 11:15:55 icaro slapd[27774]: conn=16 op=1 SEARCH RESULT tag=101 err=0
nen
tries=0 text=

Pam module seems to use Anonymous bind to search in LDAP tree....How can I
change this ?
PAM module and NNS module seems to use /etc/ldap.conf file as configuration
file

My /etc/ldap.conf is

BASE    dc=usl11,dc=net
URI     ldap://127.0.0.1
#binddn cn=Manager,dc=usl11,dc=net
rootbinddn cn=Manager,dc=usl11,dc=net

nss_base_passwd         dc=usl11,dc=net?sub
nss_base_shadow         dc=usl11,dc=net?sub
nss_base_group          ou=Groups,dc=usl11,dc=net?one

ssl no
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute gid
pam_template_login_attribute uid
pam_password md5


NNS module works fine under this setting because use /etc/ldap.secret file
for bind, but PAM doesn't seem to do the same...
If I specify binddn directive in ldap.conf file It use this dn for binding
but i don't know how specify a password.

I know that this problem cover PAM and Mandrake aspects more than OpenLDAP
but thnaks for any suggestion.
If someone use other Linux distribution and/or other version of PAM modules
and don't have this problem please let me Know.

Thanks for your help.

-- 
Roberto Morelli <r.morelli@usl11.toscana.it>
System Administrator -- Azienda U.S.L. 11 Empoli (Italy)

Follow-Ups:
- Re: Authentication Problem without anonymous bind
  - From: Douglas Furlong <douglas.furlong@firebox.com>
- Re: Authentication Problem without anonymous bind
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: libldap-ruby and \000
Next by Date: Re: ldap_bind PHP
Index(es):
- Chronological
- Thread