LDAP - anonymous binding - default shell

Fredda

I'm running user authentication against an LDAP server. I noticed there is different behavior when selecting the [x] Allow Anonymous Binding button in the LDAP config. A getent passwd user won't output the shell of the user when the option is selected, while it will output the shell if it is not.

As a result, a user logging in will get /bin/sh instead of his default shell. Does anybody know why this was done? It looks intentional to me, as both nslcd.conf and nss_ldap.conf contain commands overriding the default shell. Unselecting this option will use SSSD instead, where no override is in place.

(Tested with FN 11.1u7 and 11.2u7)