lists.arthurdejong.org

Re: nslcd and pam_ldap.so: Anonymous access is not allowed


On Fri, 2021-12-17 at 09:31 +0100, Andrea Sighinolfi wrote:
> This is an example of how I perform a simple bind operation with 
> ldapsearch command on the ldap user "test":
> 
> ldapsearch -x -b "dc=labsecurity,dc=local"  -H ldap://192.168.30.1 -D
> "uid=test,cn=users,cn=accounts,dc=labsecurity,dc=local" -W "uid=test"

When the user test logs in, nslcd first needs to find the DN of that
user (uid=test,cn=users,cn=accounts,dc=labsecurity,dc=local in this
example). If your LDAP server does not support anonymous searches you
need to configure an LDAP account that nslcd can use to perform the
searches before the authentication BIND operation is done. This can be
configured with the binddn and bindpw options in nslcd.conf.

This account is not only used for finding the login DN but also for
finding groups assigned to the user and checking other authorisation
properties.

Hope this helps,

-- 
-- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --
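
The reply above says that nslcd needs a search account (binddn and bindpw in nslcd.conf) when the server refuses anonymous searches. The following is an added example, not part of the original message or of nss-pam-ldapd, that classifies a given nslcd.conf accordingly. It assumes simple binds (no SASL options); the function names, the service account DN and the password value are hypothetical placeholders.

```shell
#!/bin/sh
# Added example, not from the original thread: classify how nslcd will bind
# for its lookup searches, based on binddn/bindpw in an nslcd.conf file.

# Print the value of the last uncommented occurrence of option $1 in file $2.
nslcd_opt() {
    awk -v key="$1" '
        tolower($1) == key {
            val = $0
            sub(/^[ \t]*[^ \t]+[ \t]*/, "", val)   # drop the option name
        }
        END { print val }
    ' "$2"
}

# Echo one of: anonymous, incomplete, world-readable, ok
check_nslcd_bind() {
    conf=$1
    binddn=$(nslcd_opt binddn "$conf")
    bindpw=$(nslcd_opt bindpw "$conf")
    if [ -z "$binddn" ] && [ -z "$bindpw" ]; then
        echo anonymous        # searches go out unauthenticated
        return 0
    fi
    if [ -z "$binddn" ] || [ -z "$bindpw" ]; then
        echo incomplete       # only one of binddn/bindpw is set
        return 0
    fi
    # bindpw is stored in clear text: flag a file readable by "other"
    if [ -n "$(find "$conf" -perm -004)" ]; then
        echo world-readable
        return 0
    fi
    echo ok
}

# Constructed sample config; the service account DN is a placeholder.
sample=$(mktemp)
cat > "$sample" <<'EOF'
uri ldap://192.168.30.1
base dc=labsecurity,dc=local
binddn uid=nslcd-lookup,dc=labsecurity,dc=local
bindpw CHANGE_ME
EOF
check_nslcd_bind "$sample"    # mktemp creates the file with mode 0600
rm -f "$sample"
```

A result of `anonymous` against a server that rejects anonymous searches matches the situation in this thread; `world-readable` means any local user can read the search account's password.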