Re: What attributes to authenticate (or) How to block the ldap tree for anonymous users
Hi Holger,
Then I tried to login and failed. "Login incorrect".
In my messages:
slapd[5527]: slapd starting
login[4786]: pam_ldap: ldap_search_s No such object
login[4786]: FAILED LOGIN 1 FROM /dev/tty1 FOR UNKNOWN, User not known to
the underlying authentication module
It seems that you are using ldap to log in to your system, correct? In
this case you'll also have to set it up to authenticate to your
directory with a valid user. I'm not sure how Suse does this, but in
Debian you'd set a binddn and bindpw containing a DN to bind to the
directory with and its password, respectively, in order to allow
libnss-ldap to lookup user names in the database correctly. I'd advise
you to look at Suse's documentation for more information on setting
this up.
If I change the last line of the ACLs to:
by * read
everything works fine.
Thats understandable as the system will be able to do ldap lookups
anonymously. Just look at Suse's docs on how to set its pam-ldap and
nss-ldap to authenticate to your ldap server.
--
Diego Lima
http://www.diegolima.org