[Samba] bindpw in ldap.conf
Dan Hill
dwh6 at cwru.edu
Mon May 3 02:17:16 GMT 2004
Adam Williams wrote:
>>Sorry if this question is more for the LDAP community, but since I ran
>>into this via the Samba3 by Example book, I'm asking here. :)
>>As described in Chapter 6, PAM and NSS Client Configuration, in the
>
>
> This is really more of a question for the nssldap list at PADL.
I had a feeling.
>
>
>>ldap.conf file, is it necessary to have the bindpw line? From what I
>
>
> You need the bindpw if your DSA doesn't permit anonymous binding or has
> access controls that forbid anonymous from perceiving the required
> attributes.
>
>
>>have seen, ldap.conf needs to be world readable and having that entry
>>would seem to me to be a security risk. Am I right? If so, is there a
>>way round the security issue?
>
>
> The bind dn and pw used by NSS should not be privileged to make
> modifications and should only be able to perceive attributes relevant to
> the NSS service, so there is no security issue.
>
That was my thought as well, but the example shown in the book used
cn=Manager, which to me implied write access, so I just wanted to verify
that write access was not necessary.
Thanks,
~Dan
--
--------------------------
Dan Hill
dwh6 at cwru.edu
--------------------------
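Added example, not part of the original messages: a small Python audit of the situation discussed in this thread, flagging an nss_ldap `ldap.conf` whose `binddn` is the directory's `rootdn` while `bindpw` sits in a world-readable file. It assumes an OpenLDAP-style `slapd.conf` with a `rootdn` directive; the `dc=example,dc=org` suffix, the `cn=nssproxy` account and the function names are hypothetical.

```python
import stat

def parse_conf(text):
    """Parse 'keyword value' lines (ldap.conf / slapd.conf style) into a dict."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            conf[parts[0].lower()] = parts[1].strip().strip('"')
    return conf

def norm_dn(dn):
    """Crude DN normalisation: lowercase, no spaces around the commas."""
    return ",".join(p.strip() for p in dn.lower().split(","))

def audit(ldap_conf, slapd_conf, mode):
    """Return findings for an nss_ldap ldap.conf whose file mode bits are `mode`."""
    client, server = parse_conf(ldap_conf), parse_conf(slapd_conf)
    binddn = client.get("binddn")
    if binddn is None:
        return ["anonymous bind: no bindpw needed"]
    findings = []
    if "bindpw" in client and mode & stat.S_IROTH:
        findings.append("bindpw readable by every local user")
    rootdn = server.get("rootdn")
    if rootdn and norm_dn(binddn) == norm_dn(rootdn):
        findings.append("binddn is the slapd rootdn: full write access exposed")
    return findings

# Constructed sample inputs (placeholder suffix and account names).
SLAPD = 'suffix "dc=example,dc=org"\nrootdn "cn=Manager,dc=example,dc=org"\n'
MANAGER = "base dc=example,dc=org\nbinddn cn=Manager,dc=example,dc=org\nbindpw secret\n"
PROXY = ("base dc=example,dc=org\n"
         "binddn cn=nssproxy,ou=services,dc=example,dc=org\nbindpw secret\n")

if __name__ == "__main__":
    for name, conf in (("manager", MANAGER), ("proxy", PROXY)):
        print(name, audit(conf, SLAPD, 0o644))
```

The read-only proxy account still reports the readable password, which is the residual exposure the reply considers acceptable; only the `cn=Manager` case adds the write-access finding.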