Re: Help required regarding nss-pam-ldap

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Arthur de Jong <arthur@arthurdejong.org>
To: Thejaswi Manjunatha <thejaswimanju@gmail.com>
Cc: nss-pam-ldapd-users@lists.arthurdejong.org
Subject: Re: Help required regarding nss-pam-ldap
Date: Wed, 14 Jun 2017 09:27:23 +0200 (CEST)

On Mon, 12 Jun 2017, Thejaswi Manjunatha wrote:

Later I noticed the user on the LDAP server did not had read permissionon his own record. When checked with history this behavior used to workwith open-ldap client. Kindly help me to understand was it done with anyintention or is it just my misconception. Any help here is very muchappreciated.

Currently nslcd performs a search after a BIND operation to the LDAPserver to validate that the authentication was successful. Some work wasdone on making this configurable but this was not finished yet.

The reason for the search after BIND is that some LDAP servers have beenknown to not return an error condition in certain situations if theauthentication failed. I think this was mostly the case when using anempty password.

--
-- Arthur - arthur@arthurdejong.org - http://arthurdejong.org/ --

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-users/

Help required regarding nss-pam-ldap, Thejaswi Manjunatha
- Re: Help required regarding nss-pam-ldap, Arthur de Jong

Prev by Date: Re: shadowexpired user in FreeBSD??
Next by Date: Re: Support for Base64 encoded values
Previous by thread: Help required regarding nss-pam-ldap
Next by thread: Re: Help required regarding nss-pam-ldap