Re: [pamldap] don't retrieve owner with ls -l
I had the good nss_base_passwd but there was a bug in nss_base_group where
it was ou=Group instead of ou=Groups. I also had a bug in my ACLs where I
permitted anonymous access only to authenticate. So I put in my ACLs that
anybody can read * and nothing for the anonymous access.
So now my question is:
How can I resolve this security problem? I would like anonymous to be able
only to authenticate, and others to be able to read *.
In ldap.conf I don't declare a binddn, so access to the LDAP server
is anonymous. I only declare a rootbinddn (but even though "ls" is owned
by root, the effective uid is that of the logged-in user who runs "ls"),
and so if I declare in the ACLs that anonymous can only authenticate, then an
ls -l or id doesn't work properly.
What is the best way to do this, please, if anybody has an idea?
Thank you very much.
At 10:56 21/11/01 +0000, Dave Lewney wrote:
Lise Didillon wrote:
> I've successfully installed openldap 2.0.15 with pam_ldap 131. I use
> nis.schema for the user and group. I've constructed the directory with the
> migration tools. Then I added a new user Lise and some other users
> with ldapadd.
> I log in as this new user Lise. All is OK, but when I run an "ls -l" it can't
> find file owners when the owner is one of the new users. It just shows the
> associated UidNumber.
> I think that has something to do with the index or the ACLs.
Have you got something like this in your client's ldap.conf ...
Principal Systems Programmer, Computing Service
University of Sussex, Brighton BN1 9QJ. Tel: 01273 678354 Fax: 01273
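
The arrangement asked about in this thread (anonymous clients may only authenticate, everyone else may read), sketched as an added example that is not part of either poster's message. It assumes a dedicated low-privilege lookup account; its DN and password below are placeholders, and the `binddn`/`bindpw` lines are the client-side setting the message says it does not declare.

```conf
# --- slapd.conf on the server (OpenLDAP 2.0-style syntax; later releases
# --- spell the first clause "attrs=userPassword") ---

# Rule order matters: slapd applies the first "access to" clause that
# matches the target, then the first "by" clause that matches the client.

# Password hashes: usable for a bind, never returned to anyone but the owner.
access to attr=userPassword
        by self write
        by anonymous auth
        by * none

# Everything else: anonymous may only bind; any authenticated identity
# (including the lookup account below) may read.
access to *
        by users read
        by anonymous auth

# --- /etc/ldap.conf on the client (pam_ldap / nss_ldap) ---

# Lookups made by ordinary users (ls -l, id) bind as this DN instead of
# anonymously. The DN and password are placeholders, not values from the thread.
binddn cn=nss-lookup,dc=example,dc=com
bindpw REPLACE_WITH_LOOKUP_PASSWORD
```

Because name lookups run with the effective uid of the logged-in user, ldap.conf has to stay readable by every local user, which exposes the `bindpw` value to them; the lookup account should therefore hold read access only.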