
Re: [pamldap] don't retrieve owner with ls -l




I had the right nss_base_passwd, but there was a bug in nss_base_group where it was ou=Group instead of ou=Groups. I also had a bug in my ACLs where I permitted anonymous access only to authenticate. So I put in my ACLs that anybody can read * and nothing for anonymous access.


So now my question is:
How can I resolve this security problem? I would like anonymous to be able only to authenticate and others to read *.
In ldap.conf I don't declare a binddn, so that access to the LDAP server is anonymous. I only declare a rootbinddn (but though "ls" is owned by root, the effective uid is the one of the logged-in user that runs "ls"), and so if I declare in the ACLs that anonymous can only authenticate, then an "ls -l" or "id" doesn't work properly.
What is the best way to do this, please, if anybody has an idea?


thank you very much

Lise Didillon

At 10:56 21/11/01 +0000, Dave Lewney wrote:
Lise Didillon wrote:
>
> hello,
>
> I've successfully installed openldap 2.0.15 with pam_ldap 131. I use
> nis.schema for the users and groups. I've constructed the directory with the
> migration tools. Then I have added a new user Lise and some other users
> with ldapadd.
>   I log in as this new user Lise. All is OK, but when I run an "ls -l" it can't
> find the owner of files when the owner is one of the new users. It just shows the
> associated UidNumber.
> I think that has something to do with the index or the ACLs.

Hi,

Have you got something like this in your client's ldap.conf ...

nss_base_passwd        ou=People,ou=confAdmin?one

Dave
--
Dave Lewney
Principal Systems Programmer, Computing Service
University of Sussex, Brighton BN1 9QJ. Tel: 01273 678354 Fax: 01273 271956
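An added example, not from either poster, of the two slapd.conf ACL styles this thread turns on, written in OpenLDAP 2.0 `access` syntax; the suffix dc=example,dc=com and the proxy entry cn=nssproxy are assumed names.

```conf
# slapd.conf fragment (added example, OpenLDAP 2.0 syntax; names are assumed).
# ACL clauses are evaluated in order: the first "access to" that matches the
# target decides, so the userPassword rule must come before "access to *".

# --- Weak form (what "anybody can read *" amounts to) ---------------------
# Every anonymous client, including any host that can reach the server,
# can read the whole tree; unless userPassword is split out, that includes
# the password hashes of every POSIX account.
#
# access to *
#         by * read

# --- Hardened form --------------------------------------------------------
# Anonymous clients may use userPassword only to bind (pam_ldap login);
# nobody can read the hashes, and a user may change their own.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# Everything else (uid, uidNumber, gidNumber, cn, memberUid, ...) is readable
# only by a dedicated proxy entry and by authenticated users themselves.
# nss_ldap on the client binds as this proxy, so "ls -l" and "id" resolve
# names even though the calling user's effective uid is not root.
access to *
        by dn="cn=nssproxy,dc=example,dc=com" read
        by users read
        by anonymous auth
        by * none
```

With the hardened form the client's ldap.conf needs `binddn cn=nssproxy,dc=example,dc=com` and a `bindpw`; since nss_ldap reads that file with the calling user's privileges, the proxy account should hold nothing beyond read access to the POSIX attributes (rootbinddn/ldap.secret stays root-only and is unrelated to this lookup).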