[Date Prev][Date Next] [Chronological] [Thread] [Top]

OpenLDAP access privileges

Title: OpenLDAP access privileges


I have an OpenLDAP server working only with port 636 with secure connections.

I have set a client with nssldap, to authenticate through the OpenLDAP directory.

In ldap.conf (for nssldap) I need to set the bind dn and bindpw for the clients to authenticate, but this shouldt be needed

binddn uid=admin,ou=admins,dc=fe,dc=up,dc=pt

bindpw secret

although Ive:

rootbinddn uid=admin,ou=admins,dc=fe,dc=up,dc=pt

and have set the /etc/ldap.secret with mode 600, the client cant authenticate without the binddn and bindpw values set in ldap.conf.

Since ldap.conf is world readable, its not secure to store the bindpw in this file. Is there anyway to avoid this?

some details in SLAPD.CONF


# The port.

port 636

require LDAPv3 bind authc strong

access to attr=userPassword

        by dn="uid=admin,ou=admins,dc=fe,dc=up,dc=pt" read

        by dn="uid=admindn,ou=admins,dc=fe,dc=up,dc=pt" read

        by self write

        by anonymous auth

        by * none

access to *

        by dn="cn=admin,dc=fe,dc=up,dc=pt" write

        by dn="uid=admin,ou=admins,dc=fe,dc=up,dc=pt" read

        by anonymous auth

        by * none


Jorge Ruão


CICA - Centro de Informática Prof. Correia de Aráujo

Faculdade de Engenharia da Universidade do Porto

E-mail- jruao@fe.up.pt