[Fedora-directory-users] Anonymous bind with restrictive ACIs

Does anyone know what the minimum set of attributes are that need to be anonymously readable and still allow the OpenLDAP PAM client to authenticate? I tried to lock it down to only allow username, but that was too restrictive. Now I just have it restricting only the userPassword, but I thing there is room for further tightening. Sam Adams General Dynamics - Information Technology Phone: 210.536.5945