Re: [pamldap] don't retrieve owner whith ls -l

[Lise Didillon <ldidillon@prologue-software.fr>]

I had the good nss_base_passwd but there was a bug in nss_base_group where 
it was ou=Group instead of ou=Groups. I had also a bug in my Acls where I 
permit only to authenticate for anonymous access. So I put in my Acls that 
anybody can read * and nothing for the anonymous access.

so now my question is?
how can I do to resolv this security problem: I would like that anonymous 
can only authenticate and other can read *
in ldap.conf I don't declare a binddn so that the access to the ldap server 
are anonymous. I only declare a rootbinddn (but though that "ls" is owned 
by root , the effective uid is the one of the logged user that run "ls") 
and so  If I declare in ACLs that anonymous can only authenticate then an 
ls -l or id  doesn't work properly.
What is the best way to do please, if anybody has an Idea

thank you very much

Lise Didillon

At 10:56 21/11/01 +0000, Dave Lewney wrote:
> Lise Didillon wrote:
> >
> > hello,
> >
> > I've sucessfully installed openldap 2.0.15 with pam_ldap 131. I use
> > nis.schema for the user and group. I've construct the directory with the
> > migration tools. Then I have added a new user Lise and some other users
> > with ldapadd.
> >   I log as this new user Lise. all is Ok but when I run an "ls -l" it can't
> > find owner files when the owner is one of the new user It just show the
> > associated UidNumber.
> > I think that have something to do with the index or the ACLs.

......
Hi,

> Have you got something like this in your client's ldap.conf ...
>
> nss_base_passwd        ou=People,ou=confAdmin?one
>
> Dave
> --
> Dave Lewney
> Principal Systems Programmer, Computing Service
> University of Sussex, Brighton BN1 9QJ. Tel: 01273 678354 Fax: 01273
> 271956