[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: RFC [Samba/NIS + LDAP]

To: "'Erik Persson'" <erik@roxen.com>, openldap-software@OpenLDAP.org
Subject: RE: RFC [Samba/NIS + LDAP]
From: Jeff Costlow <j.costlow@f5.com>
Date: Mon, 12 Nov 2001 14:24:41 -0800

Title: RE: RFC [Samba/NIS + LDAP]

-----Original Message-----
From: Erik Persson [mailto:erik@roxen.com]
Sent: Monday, November 12, 2001 2:10 PM
To: openldap-software@OpenLDAP.org
Subject: Re: RFC [Samba/NIS + LDAP]

<snip>

* Pitfalls... Access control is fundamental, especially for the Windows
password hashes. You don't want these hashes to get sniffed from the
network either so use LDAPS (LDAP with SSL/TLS) whenever possible. By
the way: Can you set an ACL that allows a user to fetch an attribute
when using an SSL connection but not otherwise? Also, if you use Samba
and have any kind of debugging enabled the same hashes wind up in Sambas
log file.
<snip>

access to dn="ou=People,dc=blech,dc=foo" attr=userPassword
        by self ssf=128 write
        by self peername="127\.0\.0\.1"
        by anonymous auth
        by * none

will only allow an authenticated user to change his password either over an SSL link or from localhost.

Prev by Date: Re: RFC [Samba/NIS + LDAP]
Next by Date: ldap_bind: can't access LDAP server
Index(es):
- Chronological
- Thread