
LDAP - anonymous binding - default shell


Neophyte Sage
Jul 9, 2019
I'm running user authentication against an LDAP server. I noticed there is different behavior when selecting the [x] Allow Anonymous Binding button in the LDAP config. A getent passwd user won't output the shell of the user when the option is selected, while it will output the shell if it is not.

As a result, a user logging in will get /bin/sh instead of his default shell. Does anybody know why this was done? It looks intentional to me, as both nslcd.conf and nss_ldap.conf contain commands overriding the default shell. Unselecting this option will use SSSD instead, where no override is in place.

(Tested with FN 11.1u7 and 11.2u7)