[Samba] bindpw in ldap.conf

Adam Williams awilliam at whitemice.org
Mon May 3 01:59:53 GMT 2004

> Sorry if this question is more for the LDAP community, but since I ran 
> into this via the Samba3 by Example book, I'm asking here.  :)
> As described in Chapter 6, PAM and NSS Client Configuration, in the 

This is really more of a question for the nssldap list at PADL.

> ldap.conf file, is it necessary to have the bindpw line?  From what I 

You need the bindpw if your DSA doesn't permit anonymous binding or has
access controls that forbid anonymous from perceiving the required

> have seen, ldap.conf needs to be world readable and having that entry 
> would seem to me to be a security risk.  Am I right?  If so, is there a 
> way round the security issue?

The bind dn and pw used by NSS should not be privileged to make
modifications and should only be able to perceive attributes relevant to
the NSS service, so there is no security issue.
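One way to set up the unprivileged bind account described above. This is an added example, not part of the original message; the suffix dc=example,dc=com, the account name cn=nssproxy, the OpenLDAP slapd.conf ACL syntax and the treatment of Samba's hash attributes are all assumptions.

```conf
# ---- /etc/ldap.conf (nss_ldap client, world readable) ----
# Constructed example: the DN and password are placeholders.
binddn cn=nssproxy,ou=Services,dc=example,dc=com
bindpw CHANGE-ME-placeholder

# ---- slapd.conf (OpenLDAP server) ----
# Secrets are never readable by the NSS bind account. Users may change
# their own values and anonymous may only authenticate against them.
# Assumption: Samba's "ldap admin dn" is the rootdn, which bypasses ACLs;
# if it is a separate DN, grant it write in this rule.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
        by self write
        by anonymous auth
        by * none

# Everything else: the NSS bind DN gets read and nothing more, so the
# password in the world-readable ldap.conf cannot be used to modify the
# directory. "by anonymous auth" keeps simple binds working on servers
# that check access to the entry itself during a bind.
access to dn.subtree="dc=example,dc=com"
        by dn.exact="cn=nssproxy,ou=Services,dc=example,dc=com" read
        by self read
        by anonymous auth
        by * none
```

To narrow the account further, replace the second rule's target with the People and Group subtrees and an attrs= list of the POSIX attributes NSS actually looks up.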

