OK, the trace is:

    _get_user_info() --> _connect_anonymously()

Now, _connect_anonymously() will try to bind as root if:

    if (session->conf->rootbinddn && geteuid () == 0)

For some reason it does this for any user trying to ssh in from
anywhere. It does this with:

    msgid = ldap_simple_bind (session->ld,
                              session->conf->rootbinddn,
                              session->conf->rootbindpw);

rootbinddn and rootbindpw are filled with the specific root bind
credentials defined only in /etc/ldap/slapd.conf. Now to figure out:
why did the session pick up rootbinddn? getuid() == 0 makes sense, as I
believe this is sshd, which makes the pam_ldap call through root.
--
cannot connect to ldap
https://launchpad.net/bugs/75535