Re: What attributes to authenticate (or) How to block the ldap tree for anonymous users

Hi Holger,

> Then I tried to login and failed. "Login incorrect".
> In my messages:
> slapd[5527]: slapd starting
> login[4786]: pam_ldap: ldap_search_s No such object
> login[4786]: FAILED LOGIN 1 FROM /dev/tty1 FOR UNKNOWN, User not known to
> the underlying authentication module

It seems that you are using ldap to log in to your system, correct? In
this case you'll also have to set it up to authenticate to your
directory with a valid user. I'm not sure how Suse does this, but in
Debian you'd set a binddn and bindpw containing a DN to bind to the
directory with and its password, respectively, in order to allow
libnss-ldap to look up user names in the database correctly. I'd advise
you to look at Suse's documentation for more information on setting
this up.

> If I change the last line of the ACLs to:
>        by * read
> everything works fine.

That's understandable as the system will be able to do ldap lookups
anonymously. Just look at Suse's docs on how to set its pam-ldap and
nss-ldap to authenticate to your ldap server.

Diego Lima
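
The interaction described in this reply, as an added example that is not part of the original message: a small checker that compares the identity a client binds as (the `binddn` in its ldap.conf-style file, or anonymous when there is none) against a slapd `access to` directive. The DNs, URI, password and the simplified ACL matcher (only `*`, `anonymous`, `users` and exact `dn=`) are assumptions made for illustration.

```python
import re

LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

def level_for(acl, bound_dn=None):
    """Level one 'access to' directive grants; the first matching 'by' wins.
    Simplified: handles *, anonymous, users and exact dn= only ('self' is skipped)."""
    for who, level in re.findall(r"\bby\s+(\S+)\s+(\w+)", acl):
        m = re.fullmatch(r'dn(?:\.exact|\.base)?="?([^"]*)"?', who)
        if (who == "*"
                or (who == "anonymous" and bound_dn is None)
                or (who == "users" and bound_dn is not None)
                or (m and bound_dn and m.group(1).lower() == bound_dn.lower())):
            return level
    return "none"  # slapd's implicit trailing "by * none"

def client_bind_dn(ldap_conf):
    """binddn from an ldap.conf-style client file, or None (anonymous bind)."""
    for line in ldap_conf.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "binddn":
            return parts[1].strip()
    return None

def lookups_work(acl, ldap_conf):
    """True if the identity the client binds as gets at least read access."""
    level = level_for(acl, client_bind_dn(ldap_conf))
    return LEVELS.index(level) >= LEVELS.index("read")

# Constructed samples: DNs, URI and password are placeholders.
ACL_OPEN = "access to * by self write by * read"
ACL_LOCKED = "access to * by self write by anonymous auth by * none"
ACL_PROXY = ('access to * by self write by anonymous auth\n'
             '    by dn="cn=proxy,dc=example,dc=com" read by * none')
CONF_ANON = "base dc=example,dc=com\nuri ldap://127.0.0.1/\n"
CONF_BIND = CONF_ANON + "binddn cn=proxy,dc=example,dc=com\nbindpw CHANGE-ME\n"

if __name__ == "__main__":
    for acl_name, acl in [("open", ACL_OPEN), ("locked", ACL_LOCKED), ("proxy", ACL_PROXY)]:
        for conf_name, conf in [("anonymous", CONF_ANON), ("binddn", CONF_BIND)]:
            ok = lookups_work(acl, conf)
            print(f"ACL {acl_name:6} client {conf_name:9} -> {'ok' if ok else 'lookup fails'}")
```

Only the last ACL combined with the `binddn` client keeps anonymous reads blocked while still letting name lookups succeed; the bind password then sits in a client file, so that file's permissions matter.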