OpenLDAP: non-anonymous access for PAM/NSS

I have set up LDAP with PAM/NSS. For that, I installed libnss-ldap, libpam-ldap and nscd on Debian 9:

apt-get install libnss-ldap libpam-ldap nscd

I configured it and everything worked. Then I decided to disable anonymous access. I used this ldif:

dn: cn=config
changetype: modify
add: olcDisallows
olcDisallows: bind_anon

Now I can no longer access the users in LDAP. Logs:

su iron
cat /var/log/auth.log
May  7 06:39:52 DebianMM nscd: nss_ldap: failed to bind to LDAP server ldap://my-server.local: Inappropriate authentication
May  7 06:39:52 DebianMM nscd: nss_ldap: reconnecting to LDAP server...
May  7 06:39:52 DebianMM nscd: nss_ldap: failed to bind to LDAP server ldap://my-server.local: Inappropriate authentication
May  7 06:39:52 DebianMM nscd: nss_ldap: reconnecting to LDAP server (sleeping 1 seconds)...
May  7 06:39:53 DebianMM nscd: nss_ldap: failed to bind to LDAP server ldap://my-server.local: Inappropriate authentication
May  7 06:39:53 DebianMM nscd: nss_ldap: could not search LDAP server - Server is unavailable
May  7 06:39:53 DebianMM su[702]: No passwd entry for user 'iron'
May  7 06:39:53 DebianMM su[702]: FAILED su for iron by root
May  7 06:39:53 DebianMM su[702]: - /dev/pts/0 root:iron

Here is my /etc/ldap/ldap.conf:

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE    dc=my-server,dc=local
URI     ldap://my-server.local:389

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

# TLS certificates (needed for GnuTLS)
TLS_CACERT      /etc/ssl/certs/ca-certificates.crt
binddn cn=admin,dc=my-server,dc=local
bindpw password_clear

I need to be able to log in again, thanks.

Answer 1

Adding binddn to ldap.conf does not work. Please ignore my earlier answer.

You can try adding binddn to the following files:

/etc/libnss-ldap.conf

/etc/pam_ldap.conf 

The password goes here:

/etc/ldap.secret
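An added example (not part of the question or the answer) showing how a practitioner would apply the answer on the Debian client: the DN goes into /etc/libnss-ldap.conf and /etc/pam_ldap.conf as rootbinddn, the password goes only into a root-only secret file, and a check confirms that no readable config still carries a cleartext bindpw like the ldap.conf in the question. It assumes a hypothetical low-privilege account cn=nss-proxy,dc=my-server,dc=local that the server's ACLs allow to read user entries, and takes the secret file path from the answer; verify that path against the comments in your distribution's shipped config files.

```shell
# Added example (not from the original post): after "olcDisallows: bind_anon",
# point nss_ldap/pam_ldap at a dedicated read-only proxy account and keep its
# password out of the world-readable *.conf files. Assumptions: cn=nss-proxy,...
# is a hypothetical account; the secret path follows the answer (/etc/ldap.secret).
set -eu

# Render the shared part of libnss-ldap.conf / pam_ldap.conf.  Only the DN goes
# here: these files are mode 0644, so a bindpw line in them would hand the bind
# password to every local user (the exposure in the question's ldap.conf).
render_client_conf() {        # $1 = bind DN
    printf 'base dc=my-server,dc=local\n'
    printf 'uri ldap://my-server.local:389\n'
    printf 'ldap_version 3\n'
    # rootbinddn is used by root-owned processes (nscd, su); nss_ldap reads its
    # password from the root-only secret file instead of this config.
    printf 'rootbinddn %s\n' "$1"
}

# Write the bind password readable by root only (umask confined to a subshell).
write_secret() {              # $1 = secret file, $2 = password
    (umask 077; printf '%s\n' "$2" > "$1")
    chmod 0600 "$1"
}

# Defensive check: fail if any group- or world-readable *.conf in the directory
# still carries a cleartext bindpw line.
check_no_exposed_bindpw() {   # $1 = config directory
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        case $(ls -ld "$f") in
            ????r*|???????r*)   # group or other read bit set
                if grep -qi '^bindpw' "$f"; then
                    echo "cleartext bindpw in readable file: $f" >&2
                    return 1
                fi ;;
        esac
    done
    return 0
}

# Install into a directory (/etc on the real host; a temp dir for a dry run).
install_client_config() {     # $1 = dir, $2 = bind DN, $3 = password
    for name in libnss-ldap.conf pam_ldap.conf; do
        render_client_conf "$2" > "$1/$name"
        chmod 0644 "$1/$name"
    done
    write_secret "$1/ldap.secret" "$3"
    check_no_exposed_bindpw "$1"
}
```

After installing, `getent passwd iron` run as root should resolve the user again; if it does not, the proxy account's server-side ACL read access is the first thing to check.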
