7.1.9.6. Identification and Authentication (Organizational Users)ΒΆ

The pam_ldap module ensures that the username is mapped to the uid portion of the DN in LDAP.

The pam_ldap module is configured to tell the clients to ignore the following user names, forcing them to be authenticated locally:

  • root
  • bin
  • daemon
  • adm
  • lp
  • mail
  • operator
  • nobody
  • dbus
  • ntp
  • saslauth
  • postfix
  • sshd
  • puppet
  • stunnel
  • nscd
  • haldaemon
  • clamav
  • rpcuser
  • rpc
  • clam
  • nfsnobody
  • rpm
  • nslcd
  • avahi
  • gdm
  • rtkit
  • pulse
  • hsqldb
  • radvd
  • apache
  • tomcat

There as an ldap account created for LDAP administration. The username for that account is LDAPAdmin.

References: IA-2 : IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS)