Hello, I am trying to altogether eliminate anonymous access to my directory. However in doing this my authentication fails unless....I add a binddn and bindpw to the ldap.conf on the clients. As I understand it "bindpw" is inappropriate according to the OpenLDAP architects. So my situation right now looks like this. I have a ldap.conf populated with a binddn and bindpw entry. This allows me to remove anonymous access and authenticate to the directory with ldap user credentials. This is what I want, I just do not want to store a username and pass in the ldap.conf file. However if I remove this binddn and bindpw entry, and I disallow anonymous access, I am unable to authenticate against the directory using ldap user credentials. Even though upon attempting to login i am supplying valid LDAP user credentials it cannot find the user because it initially binds as "nobody" or 'dn="" in the access log and is unable to locate attributes do to the lack of anonymous access. Is there a way to have LDAP use the credential of the user logging in to bind to the directory initially. What are my options? I can force SASL GSSAPI but it it not ideal in my situation. Thank you
