Re: root user and unwanted failing ldap requests

On Wed, Dec 05, 2007 at 06:09:35PM +0100, Tony Earnshaw wrote:
> >it works perfectly for any user.
>
> What's that supposed to mean? What "works perfectly for any user"?

As in, I can log in as a user that's specified in LDAP.

> I don't know Debian or its defaults, but as a (very security
> minded) Red Hat person I'd be looking at /etc/ssh/sshd_config and
> PermitRootLogin. After that, look at AllowUser, otherwise it's
> going to cost your site "bacon fat" (as Norwegians say).

I can log in as root, that's not the problem. It's just it's trying to
bind to the LDAP server, which fails.

root is, for a number of reasons, obviously not in LDAP, so it's using the
local database. Which is ideal, I just don't want my logs filled with
"pam_ldap: ldap_simple_bind Can't contact LDAP server" when root tries to
log in.

--
ben