From: Dan White <dwhite@cafedemocracy.org>

On 06/11/15 23:38 +0000, Leo Xiao wrote:
> Hi technical,
>
> I hit a problem while configuring the proxy to AD. I can run the command:
>
> $ ldapsearch -x -h localhost -LLL -b dc=mydomain,dc=local -D cn=open,cn=users,dc=mydomain,dc=local -W "(cn=open1)" cn sAMAccountName
>
> which returns the SAMACCOUNTNAME:open successfully. --- This may mean the proxy works well.
>
> But if I run the command without -D -D cn=open,cn=users,dc=mydomain,dc=local. The search will fail.

So you are attempting to authenticate anonymously? Or with SASL?

On 06/15/15 22:58 +0000, Leo Xiao wrote:
> Hi Dan,
>
> Thanks a lot for the comments. I want to authenticate anonymously, not with SASL. Is there any pam configuration needed for this scenario? Could you share some links/docs with me? Thanks so much.
>
> When I use an openldap user login, just running authconfig-gtk (modified the /etc/openldap/ldap.conf) and setting the ldapserver/base DN leads to a successful login.

The configuration to do anonymous binds is highly dependent on the ldap pam module you are using. See slapo-nssov(5) if you are using the one distributed by the OpenLDAP project. Otherwise, configuration of your ldap pam module is outside the scope of this project.

However, assuming your pam ldap module uses (links against) libldap, consult the ldap.conf(5) manpage as well.

--
Dan White