[Mageia-sysadm] [377] - add nssldap password handling

Guillaume Rousse guillomovitch at zarb.org
Wed Nov 24 21:04:51 CET 2010


On 22/11/2010 12:56, Buchan Milne wrote:
> I would prefer if we can instead use:
> -"rootbinddn" in /etc/ldap.conf, not binddn
> -place password in /etc/ldap.secret
> -use nscd, so all LDAP access is as root (so, no need to expose passwords in 
> files that must be world-readable), as a side-effect also avoiding problems 
> with file descriptors used by any process doing a user lookup etc.
> 
> Permissions on /etc/ldap.conf should be 0644, /etc/ldap.secret can be 0600.
Even better, give LDAP write access to individual admin accounts, and
not to the root user. No need to store any password, and you keep track of
who's doing what.

-- 
BOFH excuse #70:

nesting roaches shorted out the ether cable
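
Added example, not part of the original message or of Mageia's own configuration: a shell check for the file layout proposed in the quoted text (rootbinddn in /etc/ldap.conf, the password only in /etc/ldap.secret, modes 0644 and 0600). The function name audit_nss_ldap is hypothetical, and the bindpw test is an assumption: bindpw is the nss_ldap directive that would hold a password in the world-readable file.

```shell
#!/bin/sh
# Usage: audit_nss_ldap /etc/ldap.conf /etc/ldap.secret
# Prints one finding per line; returns 0 only when the layout matches.

# Permission string of a file, e.g. "-rw-r--r--" (ACL/SELinux suffix cut off).
perm_of() {
    ls -ld "$1" | cut -c1-10
}

audit_nss_ldap() {
    conf=$1
    secret=$2
    rc=0

    if [ ! -f "$conf" ]; then
        echo "FAIL $conf missing"
        return 2
    fi

    # The world-readable file must not carry a bind password.
    if grep -Eiq '^[[:space:]]*bindpw[[:space:]]' "$conf"; then
        echo "FAIL bindpw present in $conf"
        rc=1
    fi

    # rootbinddn makes root-run lookups bind with the secret file.
    if ! grep -Eiq '^[[:space:]]*rootbinddn[[:space:]]+[^[:space:]]' "$conf"; then
        echo "FAIL no rootbinddn in $conf"
        rc=1
    fi

    p=$(perm_of "$conf")
    [ "$p" = "-rw-r--r--" ] || { echo "FAIL $conf is $p, expected -rw-r--r--"; rc=1; }

    if [ -f "$secret" ]; then
        p=$(perm_of "$secret")
        [ "$p" = "-rw-------" ] || { echo "FAIL $secret is $p, expected -rw-------"; rc=1; }
    else
        echo "FAIL $secret missing"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK"
    return "$rc"
}
```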