LDAP and pam without binddn and anonymous access


http://serverfault.com – I am working in a large company and can use its central read-only LDAP server remotely. The LDAP server does not allow anonymous binding. In order to use this server for authentication of the users on my small server with a PAM module, I need an account which exposes the data on LDAP to me. The account data is normally filled in the binddn and bindpw fields of the configuration. As I understood it, the PAM module normally logs in with binddn and bindpw, then performs a search and afterwards binds for each user who wants to log in. The administrators of the server, however, do not like exposing all the dat