[Gllug] libnssldap woes
Simon Morris
simon.morris at cmtww.com
Fri Nov 12 12:03:56 UTC 2004
On 12 Nov 2004, at 08:27, Morris, Simon wrote:
> Hello!
>
> I have a server which was setup to lookup against LDAP for user IDs
> etc using libnssldap from Debian testing.
>
> Its a mail server so no local users get shell access. I've realised
> after setting up some scripts to run as non-root access that only root
> is able to resolve names from LDAP
>
Replying to own post.
So I had the permissions on /etc/libnss-ldap.conf set to 400 which is
why non-root users couldn't resolve LDAP usernames.
Works a lot nicer when they can read the file :)
I guess the next stage is to obscure the LDAP bind password within the
file so non-root users can't read it easily.
Thanks
~SM
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 797 bytes
Desc: not available
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20041112/8cfc5921/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2373 bytes
Desc: not available
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20041112/8cfc5921/attachment-0001.bin>
-------------- next part --------------
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list