Re: Fwd: CentOS 7 : ldap authentication failed

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Frédéric Marchal <marchal.frederic [at] gmail.com>
To: nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: Re: Fwd: CentOS 7 : ldap authentication failed
Date: Mon, 26 Jan 2015 22:48:04 +0100

Thanks for your reply.

Unfortunately, as I understand, there is no solution nowadays, until someone build a patch to add this configuration item.

To complete the thread, the ldap server is the classic Openldap.

Regards

2015-01-26 20:45 GMT+01:00 Arthur de Jong <arthur [at] arthurdejong.org>:

On Mon, 2015-01-26 at 20:30 +0100, Frédéric Marchal wrote:
> Until the password is checked, everything is ok. The problem comes
> after :
> nslcd: [3c9869] <authc="username"> DEBUG:
> myldap_search(base="uid=username,ou=people,dc=companyname,dc=com", filter="(objectClass=*)")
>
> Why nslcd adds 'uid=username' to the ldap base ?

nslcd performs a search after the BIND operation because some LDAP
servers do not seem to return correct errors on the BIND operation
alone.

This also came up recently:
http://lists.arthurdejong.org/nss-pam-ldapd-users/2014/msg00169.html

So it may be a good idea to have an option for this (probably with the
added value of "trust-bind", an empty string or similar). Patches
welcome ;)

Thanks,

--
-- arthur - arthur [at] arthurdejong.org - http://arthurdejong.org/ --

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/

Re: CentOS 7 : ldap authentication failed, (continued)

Prev by Date: Re: Fwd: CentOS 7 : ldap authentication failed
Next by Date: Different LDAP parameters for different PAM services
Previous by thread: Re: Fwd: CentOS 7 : ldap authentication failed
Next by thread: Different LDAP parameters for different PAM services