[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap.conf must be world readable for nss_ldap ?



On Thu, Sep 13, benning Markus wrote:

> I have a problem with nss_ldap.
> nss_ldap requires /etc/ldap.conf to be world readable
> but when it's world readable everyone can read the
> binddn and the bindpw in it.

Do not use bindpw and binddn with nss_ldap.
Better use a combination of pam_ldap and nss_ldap.
 
> I need the bindpw to be only readable by the root user.
> I tryed it with a ldap.conf with 600 permissions and
> nscd running as root, but it did not work.

Not all apps that MUST read ldap.conf run as root.

-- 
With best regards,

Carsten Hoeger

SuSE, The Linux Experts, http://www.suse.com

Key fingerprint = E3B6 7FDB 4800 0F22 DC09  EB2B 7988 B6A8 6691 C94A

Attachment: pgpuaROSb0ZSB.pgp
Description: PGP signature