Re: PAM LDAP queries attempt to bind with empty binddn

To: Alex Samad <alex@samad.com.au>
Cc: debian-user@lists.debian.org
Subject: Re: PAM LDAP queries attempt to bind with empty binddn
From: "John A. Sullivan III" <jsullivan@opensourcedevel.com>
Date: Wed, 10 Feb 2010 15:27:25 -0500
Message-id: <[🔎] 1265833645.3508.4.camel@localhost>
In-reply-to: <[🔎] 20100210194237.GM10279@samad.com.au>
References: <[🔎] 1265818025.3738.19.camel@localhost> <[🔎] 20100210194237.GM10279@samad.com.au>

Thanks for the quick response.  I'll answer in the text below - John

On Thu, 2010-02-11 at 06:42 +1100, Alex Samad wrote:
> On Wed, Feb 10, 2010 at 11:07:05AM -0500, John A. Sullivan III wrote:
> > Hello, all.  We have just started to explore Debian Lenny as a platform
> > and have been delightfully impressed however we're hitting a problem
> > using LDAP authentication that we have not experienced in RedHat or
> > Ubuntu.  We do not allow anonymous LDAP queries but rather
> > configure /etc/pam_ldap.conf with a binddn and bindpw.
> > 
> > Our LDAP queries are failing and, when we look at the access logs on our
> > CentOS Directory Server 8.1, we see the binddn is empty:
> > 
> Hi
> 
> on my debian system I have a couple of packages installed to handle ldap
> userid db.
> 
> pam handles one side of it but you need the nss stuff as well.  There
> are 2 sets of packages, the one I use  (I like it better - works how I
> like it to work and seems to be getting active maintenance).
> 
> nslcd and with this you will need libnss-ldapd & libpam-ldapd they both
> need config files in /etc
libnss-ldap and libpam-ldap are installed.  I do not see a packaged
named nslcd unless it's a typo for nscd which is installed as well.
> 
> 
> [snip]
> 
> > 
> > pam_ldap.conf looks like this:
> > 
> 
> [snip]
> 
> you need to look at the nss config file as well
Do you mean nsswitch.conf? If so, we did address that - files ldap for
passwd, group, and shadow.
> 
> > We could very likely have a missing package.  This is a vserver and they
> > install a very skeleton base system.  For example, the system initially
> > did not query at all until we realized we needed to install passwd.
> > This is an X2Go print server (hopefully many desktops to come
> > immediately after!) so we have installed:
> 
> [snip]
> 
> 
> maybe you are missing stuff, like the nss ldap package.  getent passwd
> should show you all your users work from there and then getent group
getent passwd only shows local users
> 
> 
> > did we do wrong? Any help would be greatly appreciated as I've lost days
> > tracking this down with no answer.  Thanks - John
Still eagerly looking for hints and suggestions.  Thanks - John

Reply to:

Follow-Ups:
- Re: PAM LDAP queries attempt to bind with empty binddn
  - From: Alex Samad <alex@samad.com.au>

References:
- PAM LDAP queries attempt to bind with empty binddn
  - From: "John A. Sullivan III" <jsullivan@opensourcedevel.com>
- Re: PAM LDAP queries attempt to bind with empty binddn
  - From: Alex Samad <alex@samad.com.au>

Prev by Date: portable Debian
Next by Date: Re: PAM LDAP queries attempt to bind with empty binddn
Previous by thread: Re: PAM LDAP queries attempt to bind with empty binddn
Next by thread: Re: PAM LDAP queries attempt to bind with empty binddn
Index(es):
- Date
- Thread