Adams, Samuel D Contr AFRL/HEDR wrote: > Does anyone know what the minimum set of attributes are that need to > be anonymously readable and still allow the OpenLDAP PAM client to > authenticate? > > > > I tried to lock it down to only allow username, but that was too > restrictive. Now I just have it restricting only the userPassword, > but I thing there is room for further tightening. > I don't know offhand but you can either look in the logs for the request, or use ethereal to sniff the packets to get the attributes requested. Perhaps you forgot to allow access to objectclass? -- Pete -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3241 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20060822/5d464cc1/attachment.bin
