Authenticate users against LDAP, Fedora 3

David B. fedora at davidbrannlund.com
Wed Feb 16 21:04:05 UTC 2005


Hi,

I'm trying to set up Fedora Core 3 as an LDAP client to authenticate
users. We have a working configuration with an LDAP server running
OpenLDAP 2.0.23, and a few clients running mostly Debian Woody and Sarge
(with pam_ldap and libnss-ldap).

I've managed to set up Fedora so that it can find all users using finger
and getent etc., but I can't get it to authenticate users unless I have
specified rootbinddn and a password in /etc/ldap.secret. And I don't
really want to do that.

We're using simple binds with SSL/TLS, but we have disabled SSL/TLS now
during testing.

Here's the ACL on the server:
------------------------------------------------------
access to attribute=userPassword,lmPassword,ntPassword
         by dn="cn=admin,dc=<domain>" write
         by anonymous auth
         by * none

access to *
         by dn="cn=admin,dc=<domain>" write
         by * read
------------------------------------------------------

Here's the configuration file for the clients (ldap.conf on Fedora,
pam_ldap.conf on Debian):
------------------------------------------------------
base dc=comsol
uri ldap://<servername>
ldap_version 3
pam_password crypt
nss_base_passwd         ou=People,dc=<domain>?one
nss_base_shadow         ou=People,dc=<domain>?one
nss_base_group          ou=Group,dc=<domain>?one
------------------------------------------------------

Is there a way to get this working on Fedora, using simple binds and no
/etc/ldap.secret file? On Debian this works flawlessly.


Thankful for any help regarding this.

David B.
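
Added example, not part of the original post: a small Python model of how slapd resolves the ACL quoted above (first matching "access to" clause, then first matching "by" clause, with an implicit trailing "by * none"). The function names and the user DN in the usage note are hypothetical, "dc=example" is a placeholder for the elided dc=<domain>, and dn="..." is treated as an exact, case-insensitive match, which is a simplification.

```python
import re

# Constructed copy of the ACL from the post; "dc=example" stands in for the
# elided dc=<domain> and is a placeholder, not the poster's real suffix.
ACL_TEXT = """
access to attribute=userPassword,lmPassword,ntPassword
         by dn="cn=admin,dc=example" write
         by anonymous auth
         by * none

access to *
         by dn="cn=admin,dc=example" write
         by * read
"""

def parse_acl(text):
    """Return [(attr_set or None for '*', [(who, level), ...]), ...] in file order."""
    rules = []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("access to "):
            what = line[len("access to "):]
            attrs = None if what == "*" else {a.lower() for a in what.split("=", 1)[1].split(",")}
            rules.append((attrs, []))
        elif line.startswith("by ") and rules:
            who, level = line[3:].rsplit(None, 1)
            rules[-1][1].append((who, level))
    return rules

def who_matches(who, bound_dn, entry_dn):
    # bound_dn is None for an anonymous connection
    if who == "*":
        return True
    if who == "anonymous" or bound_dn is None:
        return who == "anonymous" and bound_dn is None
    if who == "self":
        return bound_dn.lower() == entry_dn.lower()
    m = re.fullmatch(r'dn="(.*)"', who)  # simplification: exact match, not regex
    return bool(m) and bound_dn.lower() == m.group(1).lower()

def access_level(rules, bound_dn, entry_dn, attr):
    """First matching 'access to' wins, then the first matching 'by' inside it."""
    for attrs, clauses in rules:
        if attrs is None or attr.lower() in attrs:
            for who, level in clauses:
                if who_matches(who, bound_dn, entry_dn):
                    return level
            return "none"  # implicit trailing "by * none"
    return "none"
```

With this ACL, `access_level(parse_acl(ACL_TEXT), None, dn, "userPassword")` yields "auth" and any other attribute yields "read" for an anonymous connection, while a connection bound as an ordinary user gets "none" on userPassword because no "by self" clause precedes "by * none".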




