Ldap
OpenLDAP: non-anonymous access for PAM/NSS
I have set up LDAP with PAM/NSS. For this I installed libnss-ldap, libpam-ldap and nscd on my Debian 9:
apt-get install libnss-ldap libpam-ldap nscd
I configured it and everything worked fine. Then I decided to disable anonymous access. I used this ldif:
dn: cn=config
changetype: modify
add: olcDisallows
olcDisallows: bind_anon
Now I can't access the users in LDAP. Log:
su iron
cat /var/log/auth.log
May 7 06:39:52 DebianMM nscd: nss_ldap: failed to bind to LDAP server ldap://my-server.local: Inappropriate authentication
May 7 06:39:52 DebianMM nscd: nss_ldap: reconnecting to LDAP server...
May 7 06:39:52 DebianMM nscd: nss_ldap: failed to bind to LDAP server ldap://my-server.local: Inappropriate authentication
May 7 06:39:52 DebianMM nscd: nss_ldap: reconnecting to LDAP server (sleeping 1 seconds)...
May 7 06:39:53 DebianMM nscd: nss_ldap: failed to bind to LDAP server ldap://my-server.local: Inappropriate authentication
May 7 06:39:53 DebianMM nscd: nss_ldap: could not search LDAP server - Server is unavailable
May 7 06:39:53 DebianMM su[702]: No passwd entry for user 'iron'
May 7 06:39:53 DebianMM su[702]: FAILED su for iron by root
May 7 06:39:53 DebianMM su[702]: - /dev/pts/0 root:iron
This is my /etc/ldap/ldap.conf:
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE dc=my-server,dc=local
URI ldap://my-server.local:389
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
# TLS certificates (needed for GnuTLS)
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
binddn cn=admin,dc=my-server,dc=local
bindpw password_clear
I need login to work again. Thanks.
Adding binddn in ldap.conf does not work. Please ignore my previous answer.
You can try adding binddn in the following files:
/etc/libnss-ldap.conf
/etc/pam_ldap.conf
and the password here:
/etc/ldap.secret
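A check a defender can run on the client files named in the answer above, as an added example that is not part of the original thread: it flags a missing binddn (the anonymous bind that the log shows being refused), an admin bind DN, and a cleartext bindpw in a world-readable file. The function names audit_ldap_conf and demo_audit are hypothetical, and the cn=admin match is a heuristic based on the DN posted in the question.

```shell
#!/bin/sh
# Added example (not from the original thread): audit an nss_ldap / pam_ldap
# style client config ("keyword value" lines) for risky bind settings.
# Prints one finding per line; exit status is the number of findings.
audit_ldap_conf() {
    conf=$1
    n=0
    [ -f "$conf" ] || { echo "missing: $conf"; return 1; }

    # Keywords match case-insensitively; commented-out lines never match.
    binddn=$(awk 'tolower($1) == "binddn" { print $2; exit }' "$conf")
    bindpw=$(awk 'tolower($1) == "bindpw" { print "set"; exit }' "$conf")

    if [ -z "$binddn" ]; then
        echo "no binddn: lookups bind anonymously, refused under bind_anon"
        n=$((n + 1))
    fi
    # Heuristic: the question's config binds as cn=admin, the directory admin.
    case $binddn in
        [Cc][Nn]=admin,*)
            echo "binddn is an admin DN: use a read-only service account"
            n=$((n + 1)) ;;
    esac
    # find -perm -004 prints the path only when "other" has read permission.
    if [ -n "$bindpw" ] && [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "bindpw in world-readable file: any local user can read it"
        n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample mirroring the settings posted in the question.
demo_audit() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
base dc=my-server,dc=local
uri ldap://my-server.local:389
#binddn cn=old,dc=my-server,dc=local
binddn cn=admin,dc=my-server,dc=local
bindpw password_clear
EOF
    chmod 644 "$tmp"
    rc=0; audit_ldap_conf "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

demo_audit || echo "findings: $?"
```

Run it as audit_ldap_conf /etc/libnss-ldap.conf and audit_ldap_conf /etc/pam_ldap.conf after adding the bind settings.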