Does anyone know what the minimum set of attributes is that needs to be anonymously readable and still allow the OpenLDAP PAM client to authenticate?

 

I tried to lock it down to only allow username, but that was too restrictive. Now I just have it restricting only the userPassword, but I think there is room for further tightening.

 

Sam Adams

General Dynamics - Information Technology

Phone: 210.536.5945