In this order, the security of your password will be protected, but the
read access to the objectClass possixAccount needed by nss_ldap will be
provided. You can't specify access to possixAccount without giving access
to objectClass because the former is a value of the latter.
Your rootbinddn should then be whatever you set as your admindn. You could
also set up a special user to do this root binding. I use the same one I
use for replication. You will need to put the password for this user in
/etc/ldap.secret in plain text, so this file should be readable only by
root.
Craig
On Mon, 14 Jan 2002, Stephan Lauffer wrote:
hi!
hope it's not to OT here...
maybe somebody has allready checked out acl settings
for the use of nss_ldap (objectclass: possixAccount should
define the needed attributes).
I wanna have a minimum of needed permissions.
Thinking about adding a new "rootbinddn" (see ldap.conf)
for every host using nss_ldap...
Can somebody please tell me what permissions are needed
for nss_ldap?
Liebe Gruesse, with best regards
Stephan Lauffer
[ Pedagogical University Freiburg - Germany ]
[ http://www.ph-freiburg.de/zik/ ]