Rich Megginson wrote:
When you first log in to the console, and you type in your ID, the
directory server has no credentials, and has to perform an anonymous
search for uid=youruid to find your BIND DN. This is the same as when
you log in to the operating system - pam has to do a search like
uid=youruserid as anonymous to find your BIND DN. Not sure why
selecting Use SSL in Console would fix that.
It does not /have/ to perform an anonymous bind, it can do a proxy
bind. PAM supports this as well, just by providing it with a 'binddn'
and 'bindpw' in /etc/ldap.conf.
The console should also support proxy authentication.