lists.arthurdejong.org

Re: nslcd and pam_ldap.so: Anonymous access is not allowed


On Thu, 2021-12-16 at 16:42 +0100, Andrea Sighinolfi wrote:
> When I try to authenticate the ldap user in my application using
> pam_ldap.so module, the authentication always fails, and the
> following message is registered to the syslog:
> daemon.err nslcd[140]: [495cff] <authc="test"> ldap_result() failed:
> Inappropriate authentication: Anonymous access is not allowed.

The first thing that nslcd does before actually authenticating the user
is to try to look up the user in the LDAP server. This is done using
the same search operation that is normally configured for the NSS (i.e.
getent passwd) lookups.

That means that you probably want to configure a binddn and bindpw (or
other authentication mechanism) for the normal LDAP connection.

After the initial lookup the authentication itself is done via a BIND
operation followed by default by a simple search to validate that the
user is actually properly connected (see the pam_authc_search option
for details).

Hope this clarifies things,

-- 
-- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --
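
An nslcd.conf fragment matching the sequence described in the reply above, added as an example and not part of the original message: the service account is what nslcd uses for the initial user lookup, which is the step that fails when the server refuses anonymous access. The server URI, base DN, service account DN and password are constructed placeholders.

```conf
# /etc/nslcd.conf (fragment)
# All host names, DNs and the password below are placeholders.

# LDAP server and search base used for NSS lookups (getent passwd) and
# for the lookup nslcd performs before authenticating a PAM user.
uri ldap://ldap.example.com/
base dc=example,dc=com

# Without binddn/bindpw nslcd connects anonymously. On a server that
# rejects anonymous access the pre-authentication lookup then fails with
# "Inappropriate authentication: Anonymous access is not allowed".
# Use a dedicated account that only has read access to the attributes
# needed for passwd/group lookups.
binddn cn=nslcd,ou=services,dc=example,dc=com
bindpw REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD

# After the lookup, nslcd BINDs as the user's own DN with the supplied
# password, then runs this search to confirm the bind really succeeded.
# BASE is the simple check on the user's own entry.
pam_authc_search BASE

# bindpw is stored in clear text, so the file must not be readable by
# normal users (for example owner root, mode 0600).
```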