Re: nslcd and pam_ldap.so: Anonymous access is not allowed

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Arthur de Jong <arthur [at] arthurdejong.org>
To: Andrea Sighinolfi <andrea.sighinolfi [at] sitti.it>, nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: Re: nslcd and pam_ldap.so: Anonymous access is not allowed
Date: Wed, 29 Dec 2021 14:40:32 +0100

On Fri, 2021-12-17 at 09:31 +0100, Andrea Sighinolfi wrote:
> This is an example of how I perform a simple bind operation with 
> ldapsearch command on the ldap user "test":
> 
> ldapsearch -x -b "dc=labsecurity,dc=local"  -H ldap://192.168.30.1 -D
> "uid=test,cn=users,cn=accounts,dc=labsecurity,dc=local" -W "uid=test"

When the user test logs in nslcd first needs to find the DN of that
user (uid=test,cn=users,cn=accounts,dc=labsecurity,dc=local in this
example). If your LDAP server does not support anonymous searches you
need to configure an LDAP account that nslcd can use to perform the
searches before the authentication BIND operation is done. This can be
configured with the binddn and bindpw options in nslcd.conf.

This account is not only used for finding the login DN but also for
finding groups assigned to the user and checking other authorisation
properties.

Hope this helps,

-- 
-- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --

nslcd and pam_ldap.so: Anonymous access is not allowed, Andrea Sighinolfi
- Re: nslcd and pam_ldap.so: Anonymous access is not allowed, Arthur de Jong
  - Re: nslcd and pam_ldap.so: Anonymous access is not allowed, Andrea Sighinolfi
    - Re: nslcd and pam_ldap.so: Anonymous access is not allowed, Arthur de Jong

Prev by Date: Re: nslcd and pam_ldap.so: Anonymous access is not allowed
Previous by thread: Re: nslcd and pam_ldap.so: Anonymous access is not allowed