[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap.conf must be world readable for nss_ldap ?

To: benning Markus <benning@erlm.siemens.de>
Subject: Re: ldap.conf must be world readable for nss_ldap ?
From: Carsten Hoeger <choeger@suse.de>
Date: Thu, 13 Sep 2001 18:28:48 +0200
Cc: nssldap@padl.com, openldap-software@OpenLDAP.org
Content-disposition: inline
In-reply-to: <20010913172046.C2096@erls02.siemens.de>; from benning@erlm.siemens.de on Thu, Sep 13, 2001 at 05:20:46PM +0200
References: <20010913172046.C2096@erls02.siemens.de>
User-agent: Mutt/1.3.16i

On Thu, Sep 13, benning Markus wrote:

> I have a problem with nss_ldap.
> nss_ldap requires /etc/ldap.conf to be world readable
> but when it's world readable everyone can read the
> binddn and the bindpw in it.

Do not use bindpw and binddn with nss_ldap.
Better use a combination of pam_ldap and nss_ldap.
 
> I need the bindpw to be only readable by the root user.
> I tryed it with a ldap.conf with 600 permissions and
> nscd running as root, but it did not work.

Not all apps that MUST read ldap.conf run as root.

-- 
With best regards,

Carsten Hoeger

SuSE, The Linux Experts, http://www.suse.com

Key fingerprint = E3B6 7FDB 4800 0F22 DC09  EB2B 7988 B6A8 6691 C94A

Attachment: pgpuaROSb0ZSB.pgp
Description: PGP signature

References:
- ldap.conf must be world readable for nss_ldap ?
  - From: benning Markus <benning@erlm.siemens.de>

Prev by Date: Re: Problem when add more value to userCertificate attribute...
Next by Date: Newbie MD5 encryption question
Index(es):
- Chronological
- Thread