[Date Prev][Date Next]
Re: permissions (acl) for nss_ldap
Interesting. So giving access to an objectclass gives the entity (DN,
group, etc) access to all attributes under that objectclass?
access to attr=objectClass
by dn="your-admin-dn-here" write
by * read
In this order, the security of your password will be protected, but the
read access to the objectClass possixAccount needed by nss_ldap will be
provided. You can't specify access to possixAccount without giving access
to objectClass because the former is a value of the latter.
Your rootbinddn should then be whatever you set as your admindn. You could
also set up a special user to do this root binding. I use the same one I
use for replication. You will need to put the password for this user in
/etc/ldap.secret in plain text, so this file should be readable only by
On Mon, 14 Jan 2002, Stephan Lauffer wrote:
hope it's not to OT here...
maybe somebody has allready checked out acl settings
for the use of nss_ldap (objectclass: possixAccount should
define the needed attributes).
I wanna have a minimum of needed permissions.
Thinking about adding a new "rootbinddn" (see ldap.conf)
for every host using nss_ldap...
Can somebody please tell me what permissions are needed
Liebe Gruesse, with best regards
[ Pedagogical University Freiburg - Germany ]
[ http://www.ph-freiburg.de/zik/ ]