
Re: user management with ldap - tools



On Sun, Aug 19, 2001 at 01:22:31PM -0600, Eric Kilfoil wrote:
> 
> I did write a web enabled version of this stuff, but it's tied in so
> closely with the company that I work for that I can't release it.
> FYI, there are some security implications you should consider.  I only
> let root execute these scripts (i.e., root:other mode 700) and allow
> access to other users via sudo.  Your binddn password will be stored
> in the user.inc file, so keep permissions in mind there as well.  If
> you have any questions about the user class, let me know.

For extra credit, the scripts might bind with the user's credentials,
and these users have fine-grained control delegated to them via ACLs.
Then you can let the script be runnable by anyone, and you don't store
any passwords on the filesystem.

It is easy for me to suggest better ways without actually offering any
scripts myself though. :)

-danny

-- 
http://dannyman.toldme.com/
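
The file-permission advice in the quoted message (root-only scripts, mode 700, bind password kept in user.inc) can be checked mechanically. The following is an added example, not part of the original thread or of either poster's scripts; the function name `audit_secret_file` and the demo file are hypothetical.

```python
import os
import stat
import tempfile


def audit_secret_file(path, allowed_uid=0):
    """Return a list of findings for a file that stores a bind password."""
    findings = []
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        findings.append("is a symlink; audit the target it resolves to")
        st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
    if st.st_uid != allowed_uid:
        findings.append(f"owner uid {st.st_uid}, expected {allowed_uid}")
    # Any group/other bit breaks the "mode 700" rule from the thread.
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        mode = stat.S_IMODE(st.st_mode)
        findings.append(f"group/other access bits set (mode {mode:04o})")
    # Whoever can write the directory can swap the file for another one,
    # unless the sticky bit limits renames/deletes to the owners.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    writable = parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
    if writable and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent directory writable by group/other")
    return findings


if __name__ == "__main__":
    # Constructed demo: a throwaway credentials file, audited against the
    # current user instead of root so it runs unprivileged.
    workdir = tempfile.mkdtemp()
    demo = os.path.join(workdir, "user.inc")
    with open(demo, "w") as fh:
        fh.write("binddn password placeholder\n")
    for mode in (0o644, 0o700):
        os.chmod(demo, mode)
        result = audit_secret_file(demo, allowed_uid=os.getuid())
        print(f"{mode:04o}: {result or 'ok'}")
```

With the default `allowed_uid=0` the check matches the root-only setup described in the quoted message.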