RSS feed

Fwd: Help required regarding nss-pam-ldap

[Date Prev][Date Next] [Thread Prev][Thread Next]

Fwd: Help required regarding nss-pam-ldap

Hi Arthur,

Did you get a chance to look into this question ? Any updates ??
---------- Forwarded message ----------
From: Thejaswi Manjunatha <thejaswimanju [at]>
Date: Thu, Jul 27, 2017 at 4:56 PM
Subject: Re: Help required regarding nss-pam-ldap
To: Arthur de Jong <arthur [at]>

Hi Arthur,

I was testing your fix, when doing here are couple of observations :

1) The documentation shows pam_authc_search FILTER where it says NONE(No search) and BASE (to force default check) are attributes to be used.
2) Soon after the update of rpm to latest (without adding "pam_authc_search" entry to nslcd.conf) the authentication of those user (without read access for self) also started to work. Question: Is this the default behaviour now, what would it happen if pam_authc_serach is not specified in the nslcd.conf?
3) I added pam_authc_search to nslcd.conf and set the value to BASE again it was same behaviour (I was expecting that it would fail because the user cannot search/read its own record, and the "(objectClass=*)" filter is applied).

Below is the extract of nslcd.conf :

filter passwd (objectclass=user)
pam_authc_search BASE

On Fri, Jun 16, 2017 at 2:53 AM, Arthur de Jong <arthur [at]> wrote:
On Wed, 2017-06-14 at 09:27 +0200, Arthur de Jong wrote:
> Currently nslcd performs a search after a BIND operation to the LDAP 
> server to validate that the authentication was successful. Some work
> was done on making this configurable but this was not finished yet.

Since this has come up a few times now, I've scraped the various bits
together and pushed some changes to master to make the search

The change introduces a pam_authc_search option that you can use to
configure a custom search or you can set it to NONE to disable the
search altogether.

Testing of this is welcome!

-- arthur - arthur [at] - --


Manjunatha Thejaswi


Manjunatha Thejaswi
To unsubscribe send an email to or see