7.1.9.6. Identification and Authentication (Organizational Users)
The pam_ldap module ensures that the username is mapped to the uid portion of the DN in LDAP.
The pam_ldap module is configured to tell the clients to ignore the following user names, forcing them to be authenticated locally:
- root
- bin
- daemon
- adm
- lp
- operator
- nobody
- dbus
- ntp
- saslauth
- postfix
- sshd
- puppet
- stunnel
- nscd
- haldaemon
- clamav
- rpcuser
- rpc
- clam
- nfsnobody
- rpm
- nslcd
- avahi
- gdm
- rtkit
- pulse
- hsqldb
- radvd
- apache
- tomcat
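
A drift check for the ignore list above, as an added example that is not part of the original documentation. It assumes the names are carried on a comma-separated `nss_initgroups_ignoreusers` line in the client configuration file passed as the first argument; the page names neither the directive nor the file.

```shell
#!/bin/sh
# Added example: report documented ignore-list accounts that are absent
# from a client LDAP configuration file.
# Assumption: the list lives on "nss_initgroups_ignoreusers" lines; the
# page does not name the directive or the file that holds it.

# Account names exactly as listed in the documentation above.
EXPECTED="root bin daemon adm lp operator nobody dbus ntp saslauth postfix
sshd puppet stunnel nscd haldaemon clamav rpcuser rpc clam nfsnobody rpm
nslcd avahi gdm rtkit pulse hsqldb radvd apache tomcat"

# Print every name found on an active (uncommented) directive line,
# one name per line. Whitespace around the commas is tolerated.
configured_ignore_users() {
    awk '$1 == "nss_initgroups_ignoreusers" {
             $1 = ""; gsub(/[ \t]/, ""); n = split($0, u, ",")
             for (i = 1; i <= n; i++) if (u[i] != "") print u[i]
         }' "$1"
}

# Print the documented names missing from the file, space-separated.
# Empty output means the file covers the whole documented list.
missing_ignore_users() {
    conf_users=$(configured_ignore_users "$1")
    missing=""
    for name in $EXPECTED; do
        # -x matches the whole line, so "rpc" does not satisfy "rpcuser".
        printf '%s\n' "$conf_users" | grep -qxF -- "$name" ||
            missing="${missing:+$missing }$name"
    done
    printf '%s\n' "$missing"
}

# Stand-alone use: sh check_ignore.sh <config-file>
if [ "$#" -gt 0 ]; then
    result=$(missing_ignore_users "$1")
    if [ -n "$result" ]; then
        echo "missing from ignore list: $result"
        exit 1
    fi
    echo "ignore list covers all documented accounts"
fi
```

An account missing from the list would no longer be held to local authentication on that client, so a non-empty result is worth treating as a configuration finding.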
There is an LDAP account created for LDAP administration. The username for that
account is LDAPAdmin.
References: IA-2 : IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS)