Ldap

OpenLDAP:PAM/NSS 的非匿名訪問

  • May 7, 2019

我已經用 PAM/NSS 安裝了 LDAP。所以我在我的 Debian 9 上安裝了 libnss-ldap libpam-ldap nscd

apt-get install libnss-ldap libpam-ldap nscd

我對其進行了配置,一切正常。我決定禁用匿名訪問。我使用了這個 ldif:

dn: cn=config
changetype: modify
add: olcDisallows
olcDisallows: bind_anon

現在我無法訪問 LDAP 中的使用者。日誌:

su iron
cat /var/log/auth.log
May  7 06:39:52 DebianMM nscd: nss_ldap: failed to bind to LDAP server ldap://my-server.local: Inappropriate authentication
May  7 06:39:52 DebianMM nscd: nss_ldap: reconnecting to LDAP server...
May  7 06:39:52 DebianMM nscd: nss_ldap: failed to bind to LDAP server ldap://my-server.local: Inappropriate authentication
May  7 06:39:52 DebianMM nscd: nss_ldap: reconnecting to LDAP server (sleeping 1 seconds)...
May  7 06:39:53 DebianMM nscd: nss_ldap: failed to bind to LDAP server ldap://my-server.local: Inappropriate authentication
May  7 06:39:53 DebianMM nscd: nss_ldap: could not search LDAP server - Server is unavailable
May  7 06:39:53 DebianMM su[702]: No passwd entry for user 'iron'
May  7 06:39:53 DebianMM su[702]: FAILED su for iron by root
May  7 06:39:53 DebianMM su[702]: - /dev/pts/0 root:iron

這是我的 /etc/ldap/ldap.conf:

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE    dc=my-server,dc=local
URI     ldap://my-server.local:389

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

# TLS certificates (needed for GnuTLS)
TLS_CACERT      /etc/ssl/certs/ca-certificates.crt
binddn cn=admin,dc=my-server,dc=local
bindpw password_clear

我需要再次登錄工作謝謝

在 ldap.conf 中添加 binddn 不起作用。請忽略我之前的回答。

您可以嘗試在以下文件中添加 binddn:

/etc/libnss-ldap.conf

/etc/pam_ldap.conf 

和密碼在這裡:

/etc/ldap.secret

引用自:https://serverfault.com/questions/966164