Re: Anonymous bind with restrictive ACIs

Adams, Samuel D Contr AFRL/HEDR wrote:

> Does anyone know what the minimum set of attributes are that need to be anonymously readable and still allow the OpenLDAP PAM client to authenticate? I tried to lock it down to only allow username, but that was too restrictive. Now I just have it restricting only the userPassword, but I think there is room for further tightening.

I don't know offhand but you can either look in the logs for the request, or use ethereal to sniff the packets to get the attributes requested. Perhaps you forgot to allow access to objectclass?

--
Pete


--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
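
The log-reading approach suggested in the reply can be scripted. The following is an added example, not part of the original thread: it assumes the Fedora Directory Server access-log layout (`conn=`/`op=` lines with `BIND` and `SRCH`), runs on constructed sample lines, and uses a hypothetical function name. It keeps attributes a client asks to have returned separate from attributes used in search filters, because filter attributes such as objectClass must be permitted as well.

```python
import re

# Constructed sample lines in the access-log layout assumed above (not from the thread).
SAMPLE_LOG = '''\
[10/May/2006:10:01:02 -0500] conn=7 op=0 BIND dn="" method=128 version=3
[10/May/2006:10:01:02 -0500] conn=7 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[10/May/2006:10:01:02 -0500] conn=7 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uid=jdoe))" attrs="uid uidNumber gidNumber homeDirectory loginShell"
[10/May/2006:10:01:03 -0500] conn=8 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[10/May/2006:10:01:03 -0500] conn=8 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(uid=*)" attrs=ALL
[10/May/2006:10:01:04 -0500] conn=9 op=0 SRCH base="dc=example,dc=com" scope=2 filter="(&(objectClass=posixGroup)(memberUid=jdoe))" attrs="cn gidNumber"
'''

LINE = re.compile(r'conn=(\d+) op=\d+ (BIND|SRCH) (.*)')
FILTER_ATTR = re.compile(r'\(([A-Za-z][\w;-]*)(?:=|~=|>=|<=|:)')

def anonymous_attr_usage(log_text):
    """Return attributes anonymous clients requested ('read') and filtered on ('search')."""
    bound_dn = {}  # conn id -> DN of the last BIND; a missing or empty DN means anonymous
    read, search = set(), set()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, op, rest = m.groups()
        if op == "BIND":
            # Assumption: the bind succeeded; RESULT lines are not checked here.
            dn = re.search(r'dn="([^"]*)"', rest)
            bound_dn[conn] = dn.group(1) if dn else ""
            continue
        if bound_dn.get(conn):
            continue  # search on an authenticated connection, not relevant here
        flt = re.search(r'filter="([^"]*)"', rest)
        if flt:
            search.update(a.lower() for a in FILTER_ATTR.findall(flt.group(1)))
        attrs = re.search(r'attrs=(?:"([^"]*)"|(\S+))', rest)
        if attrs:  # an unquoted value such as ALL means every attribute was requested
            read.update(a.lower() for a in (attrs.group(1) or attrs.group(2) or "").split())
    return {"read": sorted(read), "search": sorted(search)}

if __name__ == "__main__":
    print(anonymous_attr_usage(SAMPLE_LOG))
```

Connections that search without ever sending a BIND (conn=9 in the sample) are counted as anonymous, the same as an explicit bind with an empty DN.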
