9.1.9.6. Identification and Authentication (Organizational Users)ΒΆ
The pam_ldap module ensures that the username is mapped to the uid portion of the DN in LDAP.
The pam_ldap module is configured to tell the clients to ignore the following user names, forcing them to be authenticated locally:
root
bin
daemon
adm
lp
mail
operator
nobody
dbus
ntp
saslauth
postfix
sshd
puppet
stunnel
nscd
haldaemon
clamav
rpcuser
rpc
clam
nfsnobody
rpm
nslcd
avahi
gdm
rtkit
pulse
hsqldb
radvd
apache
tomcat
There as an ldap account created for LDAP administration. The username for that
account is LDAPAdmin
.
References: IA-2 : IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS)