[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Reg OpenLdap on Ubuntu

To: Howard Chu <hyc@symas.com>
Subject: Re: Reg OpenLdap on Ubuntu
From: Asimananda Mohanty <asimananda.mohanty@gmail.com>
Date: Fri, 11 Sep 2009 12:08:15 +0530
Cc: Matt Kassawara <battery@writeme.com>, openldap-technical@openldap.org
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=6CYbPAKsPgALo+D3FK4aVOfQ7Rer6z5lpdGI9mdW+r4=; b=RMJ1WIC5pJCULiqApN8QcuZfoqIU5NF/PjZ01XXu8qP/jhzjlaCFXCmQ8wnOC66u23 E/6MLnvjR0bUxh0eUVWniDzTXJ46Tbm8/zZl5vPcpHfM6KItVCW41DerotE/oxthJAjo v5LBWVIwDgCBlAMk7MW+HthB1H4cnq/1iOuvU=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=TCEBJq0JGSMK/wUiz0+0B1pnI50DRHVZ3OO1cNr6OTWrNnKhDaLHxGusM7SwoFR6VQ tuJvtOM5c/jew2z/maPn/UpQwI3lZgX3a8uhR4jNj04vnrMMbViD2J3KaZfVyt4Ce8bZ H1hiafBYVyWQ4R8XfYJr+NsGRnrnWqVdWF1f8=
In-reply-to: <4AA9EDEB.5070409@symas.com>
References: <d375fb280907100400o26cc0aebo4d964a21c1c16e0f@mail.gmail.com> <4A645BB8.7080304@stroeder.com> <d375fb280907200508t930906bmf1e40468e54323@mail.gmail.com> <9d16b5480907220812v69750520m1609fd7f860b4b4b@mail.gmail.com> <d375fb280907222231v254eeb67k68e618a05f637619@mail.gmail.com> <9d16b5480907230701m4f9960ees45787656b23e6743@mail.gmail.com> <d375fb280908310349j46502da7nd82ad898000d12fa@mail.gmail.com> <9d16b5480908310629n1d6558a4hf3c99b5c9ba34d51@mail.gmail.com> <d375fb280909102319g123c540cm38bd8dc67d91c1e7@mail.gmail.com> <4AA9EDEB.5070409@symas.com>

Hi Howard,

I have changed the ownership of /etc/sasldb2 to openldap:openldap and also changed the permission to 640.

For the time being, I may continue with this option and in the future, I will surely shift to the other one i.e. avoiding use of sasldb.

Thank you very much.

Regards

Asimananda

On Fri, Sep 11, 2009 at 11:57 AM, Howard Chu <hyc@symas.com> wrote:

Asimananda Mohanty wrote:

Hi Matt,

I just changed the permission level of /etc/sasldb2 from 640 to 644 and
the command "ldapsearch -d8 -ZZ -b dc=ldap-company,dc=com
uid=asimananda" started working fine.

Generally that's a bad idea, since it exposes all of your SASL passwords to anyone who can access that machine or filesystem. Instead you should just make sure that slapd is running as a user that belongs to the same group as the sasldb file, or is the owner of the file.

And of course, the better approach when using SASL is not to use a sasldb file at all, and just store the SASL secrets in the LDAP directory.

I have one more doubt. The above command works fine and accepts password
too but when I changed the option "-b" to "-D", it stopped working. I
read somewhere that -D should not be used with SASL. I am bit confused
about the same.

Thanks for being so helpful.

Thanks all.

Regards
Asimananda

On Mon, Aug 31, 2009 at 6:59 PM, Matt Kassawara <battery@writeme.com
<mailto:battery@writeme.com>> wrote:

I recommend reading section 15.2.3 through 15.2.6 of the OpenLDAP
2.4 administrator's guide.

--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/

References:
- Re: Reg OpenLdap on Ubuntu
  - From: Asimananda Mohanty <asimananda.mohanty@gmail.com>
- Re: Reg OpenLdap on Ubuntu
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: Reg OpenLdap on Ubuntu
Next by Date: Re: Reg Adding New Attributes
Index(es):
- Chronological
- Thread