Hi,
I'm trying to set up Fedora Core 3 as an LDAP client to authenticate users. We have a working configuration with an LDAP server running OpenLDAP 2.0.23, and a few clients running mostly Debian Woody and Sarge (with pam_ldap and libnss-ldap).
I've managed to set up Fedora so that it can find all users using finger and getent etc., but I can't get it to authenticate users unless I have specified rootbinddn and a password in /etc/ldap.secret. And I don't really want to do that.
We're using simple binds with SSL/TLS, but we have disabled SSL/TLS now during testing.
Here's the ACL on the server:
------------------------------------------------------
access to attribute=userPassword,lmPassword,ntPassword
    by dn="cn=admin,dc=<domain>" write
    by anonymous auth
    by * none

access to *
    by dn="cn=admin,dc=<domain>" write
    by * read
------------------------------------------------------
Here's the configuration file for the clients (ldap.conf on Fedora, pam_ldap.conf on Debian):
------------------------------------------------------
base dc=comsol
uri ldap://<servername>
ldap_version 3
pam_password crypt
nss_base_passwd ou=People,dc=<domain>?one
nss_base_shadow ou=People,dc=<domain>?one
nss_base_group ou=Group,dc=<domain>?one
------------------------------------------------------
Is there a way to get this working on Fedora, using simple binds and no /etc/ldap.secret file? On Debian this works flawlessly.
Thankful for any help regarding this.
David B.