Re: i have no name!

On Fri, 14 Feb 2003, Brian Jones wrote:

> I would absolutely love to have an understanding of how I could do away with
> the ldap.secret file.
> By 'root user' above, I'm thinking you're referring to using user 'root' in
> the binddn directive?  Do you make a dummy user for this purpose that exists
> only to bind to the directory?  Do you have an acl that addresses the perms
> needed by this user to do the mappings, and at the same time hide these same
> attr's from prying eyes?

If you create a user in LDAP with permissions over all objects, that's the
user referred to as root (bad name perhaps?).  I don't think it has to
be root (we are not using root but something else, for example).

> Again, any pointers to any docs on how to get rid of 'ldap.secret' would be
> very extremely helpful.  I feel very uncomfortable about having this file
> around. 

See my last message; setting up nss_ldap/pam_ldap in
that fashion (at least under Linux) works for us.

James Bourne

> Thanks for the input.
> Brian.

James Bourne, Supervisor Data Centre Operations
Mount Royal College, Calgary, AB, CA

"There are only 10 types of people in this world: those who
understand binary and those who don't."