I need to understand how LDAP user authentication works, since I need to put password restrictions on the users but am not able to get it working correctly.
Came through this link, which says that LDAP (pam_ldap) always uses binding as authentication and never reads userPassword. That is only read by nss_ldap.
http://osdir.com/ml/ldap.padl.pam-ld.../msg00011.html
pam_ldap and nss_ldap work differently?
If that is the case, if I have allowed anonymous binding on my LDAP server, should I not be able to log in (ssh) to my machines with any valid user name and a blank password (if I have PAM for system-auth set up correctly)?
Also, with any blank username and blank password?
This link also talks about 'anonymous simple authentication':
https://www.opends.org/wiki/page/Def...PBindOperation
Adding allow_anon_cred and allow_anon_dn in slapd.conf should be enough, or do I need to do something extra?
Any help would be extremely helpful. Let me know your views/ideas about nsswitch and PAM settings.
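
An added example, not part of the original post: per RFC 4513 section 5.1, a simple bind with an empty password is either an anonymous bind (empty DN) or an unauthenticated bind (non-empty DN), and neither proves knowledge of a password. The sketch below parses a BER-encoded BindRequest and labels it accordingly; the DN and all helper names are constructed for illustration.

```python
DN = "uid=alice,ou=people,dc=example,dc=com"   # constructed sample DN


def tlv(tag, value):
    """Encode one short-form BER TLV (enough for the small samples here)."""
    if len(value) > 127:
        raise ValueError("sample too long for short-form length")
    return bytes([tag, len(value)]) + value


def build_simple_bind(dn, password, msg_id=1):
    """Build a constructed LDAPv3 BindRequest using simple authentication."""
    bind = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, bind))


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length BER TLV."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = count of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length


def classify_bind(message):
    """Label a BindRequest with the RFC 4513 section 5.1 simple-bind class."""
    tag, body, _ = read_tlv(message, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, _, pos = read_tlv(body, 0)           # messageID
    tag, bind, _ = read_tlv(body, pos)
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, _, pos = read_tlv(bind, 0)           # version
    _, dn, pos = read_tlv(bind, pos)        # name (bind DN)
    tag, cred, _ = read_tlv(bind, pos)      # authentication choice
    if tag != 0x80:                         # [0] = simple; anything else is SASL or unknown
        return "sasl-or-other"
    if not cred:                            # empty password never authenticates the DN
        return "anonymous" if not dn else "unauthenticated"
    return "name/password"
```

A client that treats a successful bind as a login has to reject the first two classes before binding; RFC 4513 recommends that clients disallow empty password input for exactly this reason.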