[Samba] search in ldap
IOhannes zmoelnig
zmoelnig at iem.kug.ac.at
Mon Aug 26 00:28:00 GMT 2002
Bradley W. Langhorst wrote:
> On Fri, 2002-08-23 at 09:26, Camus Moire wrote:
>
>>Can someone point me to some documentation about
>>how privileges had to be with security in mind.
>>(root in ldap == distorted stomach)
i had these too...(note the past tense)
> I don't think it is a serious problem to have root in ldap
> since you have ldap set up restrict access to the passwords...
true
>
> If you're really worried about it you could leave root local
> and set up a different account to be the samba admin (i've not done that
> but I think it is possible)
that i do not think.
i couldn't make it work but with the name "root".
however, the ldap-entry for "root" for samba-sake need only be of
sambaAccount (no posixAccount). [now writing this i do not think, that
this was the solution to my problem. however read on:]
i have put all the administrative accounts in a separate ldap-subtree,
which cannot (or only restricted) be read by the pam_ldap-operator.
Since the samba-"root"-account lives in this sub-tree, it cannot be
accessed for logging into a unix-machine and therefore the real "root"s
are kept local.
mfg.ds.ar
IOhanne
>
> brad
>
More information about the samba
mailing list