Hi,
I have an OpenLDAP server working only with port 636 with secure connections.
I have set a client with nssldap, to authenticate through the OpenLDAP directory.
In ldap.conf (for nssldap) I need to set the bind dn and bindpw for the clients to authenticate, but this shouldn't be needed:
binddn uid=admin,ou=admins,dc=fe,dc=up,dc=pt
bindpw secret
although I’ve:
rootbinddn uid=admin,ou=admins,dc=fe,dc=up,dc=pt
and have set the /etc/ldap.secret with mode 600, the client can’t authenticate without the binddn and bindpw values set in ldap.conf.
Since ldap.conf is world readable, it's not secure to store the bindpw in this file. Is there any way to avoid this?
Some details in slapd.conf:
_____________________________________
# The port.
port 636
require LDAPv3 bind authc strong
access to attr=userPassword
by dn="uid=admin,ou=admins,dc=fe,dc=up,dc=pt" read
by dn="uid=admindn,ou=admins,dc=fe,dc=up,dc=pt" read
by self write
by anonymous auth
by * none
access to *
by dn="cn=admin,dc=fe,dc=up,dc=pt" write
by dn="uid=admin,ou=admins,dc=fe,dc=up,dc=pt" read
by anonymous auth
by * none
Thanks,
Jorge Ruão
_______________________________________
CICA - Centro de Informática Prof. Correia de Aráujo
Faculdade de Engenharia da Universidade do Porto
E-mail- jruao@fe.up.pt
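As an added example (not part of the post above, and not nss_ldap's own code), a small audit script that checks the two conditions the post is about: a bindpw kept in a world-readable ldap.conf, and a rootbinddn whose /etc/ldap.secret is missing or not restricted to mode 600. The sample ldap.conf text and the paths are constructed for illustration.

```python
import os
import stat

# Constructed sample modelled on the ldap.conf lines quoted in the post (not a real host's file).
SAMPLE_LDAP_CONF = """\
uri ldaps://ldap.example.org:636/
base dc=fe,dc=up,dc=pt
binddn uid=admin,ou=admins,dc=fe,dc=up,dc=pt
bindpw secret
rootbinddn uid=admin,ou=admins,dc=fe,dc=up,dc=pt
"""

def parse_ldap_conf(text):
    """Return {keyword: value} for nss_ldap-style 'keyword value' lines; comments and blanks are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return conf

def audit(conf, conf_mode, secret_mode):
    """conf_mode/secret_mode are permission bits (e.g. 0o644); secret_mode None means the file is absent."""
    findings = []
    if "bindpw" in conf and conf_mode & stat.S_IROTH:
        findings.append("bindpw stored in world-readable ldap.conf")
    if "rootbinddn" in conf:
        if secret_mode is None:
            findings.append("rootbinddn set but /etc/ldap.secret is missing")
        elif secret_mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append("/etc/ldap.secret is readable by group or others")
    return findings

def audit_files(conf_path="/etc/ldap.conf", secret_path="/etc/ldap.secret"):
    """Run the audit against real files on the host (paths are assumed defaults)."""
    with open(conf_path) as f:
        conf = parse_ldap_conf(f.read())
    conf_mode = stat.S_IMODE(os.stat(conf_path).st_mode)
    try:
        secret_mode = stat.S_IMODE(os.stat(secret_path).st_mode)
    except FileNotFoundError:
        secret_mode = None
    return audit(conf, conf_mode, secret_mode)

if __name__ == "__main__":
    for finding in audit_files():
        print("WARNING:", finding)
```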