[Date Prev][Date Next]
RE: Is it possible to default bind using the root dn in LDAP.CONF
At 10:01 AM 1/21/2004, Damon Jebb wrote:
>Perhaps, but as this is related to the generic configuration file for
>ldap clients (ldap.conf)
It likely wasn't clear from your post, or maybe its not clear to,
which ldap.conf file you are actually talking about. For OpenLDAP
client configuration files, see ldap.conf(5) (from OpenLDAP), about
options affecting the bind operation. Note that many of these
must be set on a per-user basis (in .ldaprc, not ldap.conf).
If you talking about NSS/LDAP's and/or PAM/LDAP's ldap.conf file
(which it appears to me you are), well, that's another story...
one which you take to nssldap and/or pamldap lists at PADL.
> I thought it may get some useful responses from
>this list too. I have the feeling that this is related to the access
>control lists, but am not certain.
>From: Herbst Rainer [mailto:firstname.lastname@example.org]
>Sent: 21 January 2004 16:01
>To: email@example.com; OpenLDAP-software@OpenLDAP.org
>Subject: AW: Is it possible to default bind using the root dn in
>Seems to be a pam specific question, not an OpenLDAP specific one.
>Maybe you should have a look on www.padl.com and their mailgroups?
>Von: Damon [mailto:firstname.lastname@example.org]
>Gesendet: Mi 1/21/2004 11:51
>Betreff: Is it possible to default bind using the root dn in
>I am new to LDAP and struggling with a few things. One is that although
>I have managed to setup a SuSE 9.0 box with OpenLDAP 2.1.22 and a pam
>installation that uses pam_unix2.so, version 1.14. These are the
>versions as supplied by SuSE.
>My problem is that nothing I do seems to get rid of a request for LDAP
>authentication when running passwd as root, even for setting the root
>password. I have run debug on the LDAP server that seems to indicate
>that it is always using an anonymous bind in the first connection to the
>server. I have read in one of the many howtos and other documents that
>I have seen recently that the ldap client should use the root dn
>specified in the ldap.conf file and the password in /etc/ldap.secret -
>id this true, and if so how can I get this to happen so that it is not
>necessary to know the current password before setting a password as
>I can give trace logs and setup files if required, but am leaving them
>out for now to keep things short.
>Thanks for reading and any help you may be able to offer.