4

LDAP and pam without binddn and anonymous access

view full story
linux-howto

http://serverfault.com – I am working in a large company and can use its central read-only LDAP server remotely. The LDAP server does not allow anonymous binding. In order to use this server for authentication of the users on my small server with a pam module I need an account which exposes the data on LDAP to me. The account data is normally filled in binddn and bindpw fields of the configuration. As I understood pam module normally logins with binddn and bindpw, then performs a search and afterwards bind for each user who is willing to login. The administrators of the server however do not like exposing all the dat (HowTos)

taskli's picture
Submitted by taskli on 07/25/2012 – Made popular on 07/25/2012

Stories similar to LDAP and pam without binddn and anonymous access

My server has access to a read-only LDAP where information about 99% of user accounts will reside. On my server I want to configure Samba to use LDAP for authentication.

Now and then there will be some extra users that do not have an account on LDAP.

Context : We have a Ubuntu 12.04 with authentication done on a ldap server.

Unfortunately, one (ldap) user belongs to a (ldap) group named "admin".

I know there is the option nss_initgroups_ignoreusers to list the users I don't want to be looked for from the ldap. But couldn't find any equivalent for groups.

How could I specify ldap groups not to be used on this installation?

I have a Windows server 2008 server under domain and security scan found out that LDAP anonymous binding is allowed. So i need to disable the anonymous binding for my domain. I have found a way to do it with Server 2003 using adsiedit.msc, but can't find the same option for server 2008.

Can someone point me right direction for it?

Thanks!

I presently use "md5" authentication for access from the lan:

host all all 192.168.1.0/24 md5

I want to add ldap authentication method, so I added this line before:

host all all 192.168.1.0/24 ldap "ldap://192.168.1.2/basedn;uid=;,cn=xx,dc=yy,dc=zz,dc=ca"

This work great with ldap accounts, but if I try to login with an account not present on

I'm trying to configure a LDAP server with some basic security parameters, including TLS and required authenticated binding.

I have started the server, and can access it from localhost with the command:

ldapsearch -x -b 'dc=server,dc=com' 'objectclass=*' -W -D 'cn=manager,dc=server,dc=com' -H ldaps://server.com:389

When I try the same command remotely, from my computer, I get the following err

I followed the guide from the below link to set up a ldap server. After everything is finished, I configured a client for ldap authentication and I can search the entries in ldap using the command ldapsearch -x ZZ but when I am trying to login to the client using a ldap user, the prompt just keeps waiting.

I am currently trying to add LDAP support to supplement a file auth system. Unfortunately, I can't just phase out the file system in it's entirety because of when the LDAP server goes down. The current status is that I have a system that works for both LDAP and file login, if the LDAP server is online and responding. But, when the LDAP server goes down, that is when I encounter issues.

Hello.

We've finally set-up our server to accept ldap SSL connections thanks to another question answered by a helpful member.

Our problem now is that when attempting to bind to ldap using the below simple PHP script, we constantly fail. Binding using ldap instead of ldaps works just fine using the script so I know the ldap is enabled.