[Gllug] libnssldap woes
Matthew King
matthew.king at monnsta.net
Tue Nov 16 02:38:05 UTC 2004
On Fri, 2004-11-12 at 12:03 +0000, Simon Morris wrote:
> Replying to own post.
>
> So I had the permissions on /etc/libnss-ldap.conf set to 400 which is
> why non-root users couldn't resolve LDAP usernames.
>
> Works a lot nicer when they can read the file :)
>
> I guess the next stage is to obscure the LDAP bind password within the
> file so non-root users can't read it easily.

This password should be in a separate file /etc/ldap.secret or
something like that.

However, for merely listing usernames with username<->UID mapping, you
shouldn't need a password as you can bind with the LDAP server
anonymously and retrieve the data.

Unless, of course, you have applied some security to your LDAP database.

Matthew
--
I must take issue with the term "a mere child," for it has been my
invariable experience that the company of a mere child is infinitely
preferable to that of a mere adult.
-- Fran Lebowitz
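
The layout discussed in this thread, written as a check you can run on a client. This is an added example, not code from either poster; it assumes the bind password would be set with a `bindpw` directive, and the default paths are the ones named in the messages above.

```shell
#!/bin/sh
# Added example: audit the NSS LDAP client layout discussed in the thread.
# Prints one line per finding; the return status is the number of findings.

# perms FILE -> the nine permission characters from ls, e.g. "rw-r--r--"
perms() {
    ls -ld "$1" | cut -c2-10
}

audit_nss_ldap() {
    conf=${1:-/etc/libnss-ldap.conf}   # path from the thread
    secret=${2:-/etc/ldap.secret}      # path suggested in the reply
    findings=0

    if [ ! -f "$conf" ]; then
        echo "MISSING: $conf"
        return 1
    fi

    # With mode 400 non-root users could not resolve LDAP names (see the
    # quoted message), so the config has to be readable by "other".
    case $(perms "$conf") in
        ??????r??) ;;
        *) echo "UNREADABLE: $conf is not world-readable; non-root lookups fail"
           findings=$((findings + 1)) ;;
    esac

    # Because the file must be readable by everyone, a password in it is
    # readable by everyone. Commented-out lines are ignored.
    if grep -Eiq '^[[:space:]]*bindpw[[:space:]]+[^[:space:]]' "$conf"; then
        echo "EXPOSED: $conf contains a bindpw line"
        findings=$((findings + 1))
    fi

    # The separate secret file should grant nothing to group or other.
    if [ -f "$secret" ]; then
        case $(perms "$secret") in
            ???------) ;;
            *) echo "LOOSE: $secret is accessible to group or other"
               findings=$((findings + 1)) ;;
        esac
    fi
    return "$findings"
}
```

Call `audit_nss_ldap` with no arguments to check the default paths, or pass a config path and a secret path to check copies elsewhere.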