[CentOS] Re: pam_ldap + nscd

Mon Oct 1 14:27:09 UTC 2007
Craig White <craigwhite at azapple.com>

On Mon, 2007-10-01 at 07:40 -0500, Steve Rigler wrote:
> On Sun, 2007-09-30 at 19:15 +0200, Felix Schwarz wrote:
> > Eventually I found the problem:
> > nscd did bind anonymously and slapd was configured to prevent access to ldap 
> > information by anonymous users. I thought that specifying "rootbinddn" and the 
> > correct password in ldap.secret would prevent that but obviously nscd needs 
> > "binddn" and "bindpw" in ldap.conf.
> > 
> > fs
> > 
> 
> nscd runs as user "nscd" so it's not going to use rootbinddn.
----
rootbinddn does not have anything to do with 'user root'

'User root' can bind as whatever is in /root/.ldaprc which by default is
nothing which will default to whatever values are set as binddn/bindpw
in /etc/ldap.conf

rootbinddn is the all-powerful bind of LDAP

Craig