Why simple bind to LDAP(AD) without anonymous bind requires binddn and bindpw?
- From: Andre Piwoni <apiwoni [at] webmd.net>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Why simple bind to LDAP(AD) without anonymous bind requires binddn and bindpw?
- Date: Tue, 7 Aug 2018 17:52:32 -0700
I'd like to use authentication only and no authorization, but this does not seem to be supported without explicitly configuring binddn and bindpw.
Is a non-anonymous bind using the entered, but not configured, username and password supported, as I only need authentication, not group memberships etc.?
I should be able to simple bind to AD using entered password and user DN pattern that includes username in any of the following ways:
DN of the object CN=${username},OU=myOU,DC=myDC
{NetBIOS domain name}\sAMAccountName
sAMAccountName@{DNS name of a domain}
This does not seem to be possible.
Without binddn and bindpw, the simple bind message indicates an anonymous bind attempt: ldap_simple_bind_s(NULL,NULL)
Aug 8 00:30:49 ip-172-31-10-200 nslcd: nslcd: [8b4567] <authc="apiwoni"> DEBUG: myldap_search(base="DC=***", filter="(&(&(objectClass=user)(!(objectClass=computer)))(sAMAccountName=apiwoni))")
Aug 8 00:30:49 ip-172-31-10-200 nslcd: nslcd: [8b4567] <authc="apiwoni"> DEBUG: ldap_initialize(ldap://***)
Aug 8 00:30:49 ip-172-31-10-200 nslcd: nslcd: [8b4567] <authc="apiwoni"> DEBUG: ldap_set_rebind_proc()
Aug 8 00:30:49 ip-172-31-10-200 nslcd: nslcd: [8b4567] <authc="apiwoni"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
Aug 8 00:30:49 ip-172-31-10-200 nslcd: nslcd: [8b4567] <authc="apiwoni"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
Aug 8 00:30:49 ip-172-31-10-200 nslcd: nslcd: [8b4567] <authc="apiwoni"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
Aug 8 00:30:49 ip-172-31-10-200 nslcd: nslcd: [8b4567] <authc="apiwoni"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
Aug 8 00:30:49 ip-172-31-10-200 nslcd: nslcd: [8b4567] <authc="apiwoni"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
Aug 8 00:30:49 ip-172-31-10-200 nslcd: nslcd: [8b4567] <authc="apiwoni"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
Aug 8 00:30:49 ip-172-31-10-200 nslcd: nslcd: [8b4567] <authc="apiwoni"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
Aug 8 00:30:49 ip-172-31-10-200 nslcd: nslcd: [8b4567] <authc="apiwoni"> DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://***")
Aug 8 00:30:49 ip-172-31-10-200 nslcd: nslcd: [8b4567] <authc="apiwoni"> ldap_result() failed: Operations error: 000004DC: LdapErr: DSID-0C090A22, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839
Andre Piwoni
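
A triage helper for the symptom in the log above, added here as an example (not part of the original post and not nss-pam-ldapd code): it pairs an anonymous ldap_simple_bind_s(NULL,NULL) with a later AD 000004DC error in the same nslcd session. The sample lines are constructed, with a placeholder host and URI, and the quoted-DN bind line format is an assumption.

```python
import re

# Constructed sample lines modelled on the nslcd debug output quoted in the post.
# Host name, URI and the second session are placeholders, not data from the page.
SAMPLE_LOG = """\
Aug 8 00:30:49 host nslcd: nslcd: [8b4567] <authc="apiwoni"> DEBUG: ldap_initialize(ldap://dc.example.test)
Aug 8 00:30:49 host nslcd: nslcd: [8b4567] <authc="apiwoni"> DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://dc.example.test")
Aug 8 00:30:49 host nslcd: nslcd: [8b4567] <authc="apiwoni"> ldap_result() failed: Operations error: 000004DC: LdapErr: DSID-0C090A22, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839
Aug 8 00:31:02 host nslcd: nslcd: [7b23c6] <authc="jdoe"> DEBUG: ldap_simple_bind_s("CN=svc,OU=myOU,DC=example,DC=test","***") (uri="ldap://dc.example.test")
"""

# "[session id] <request> message", with an optional "DEBUG: " prefix on the message.
LINE = re.compile(r'\[(?P<sid>[0-9a-f]+)\] <(?P<req>[^>]+)> (?:DEBUG: )?(?P<msg>.*)$')
# A bind DN of NULL is an anonymous bind; a quoted DN is the assumed non-anonymous form.
BIND = re.compile(r'ldap_simple_bind_s\((?P<dn>NULL|"[^"]*"),.*\) \(uri="(?P<uri>[^"]*)"\)')
AD_UNBOUND = "000004DC"  # AD error code seen in the post: operation needs a successful bind


def find_rejected_anonymous_binds(log_text):
    """Return one finding per session whose anonymous bind was followed by 000004DC."""
    last_bind = {}  # session id -> (is_anonymous, uri) of the most recent bind
    findings = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        sid, req, msg = m.group("sid", "req", "msg")
        b = BIND.search(msg)
        if b:
            last_bind[sid] = (b.group("dn") == "NULL", b.group("uri"))
        elif AD_UNBOUND in msg and last_bind.get(sid, (False, None))[0]:
            findings.append({"session": sid, "request": req, "uri": last_bind[sid][1]})
    return findings


if __name__ == "__main__":
    for f in find_rejected_anonymous_binds(SAMPLE_LOG):
        print("anonymous bind rejected by AD:", f)
```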