Re: ldap auth with nss_ldap on FC4

Daniel Chénard wrote:

> in /etc/ldap.conf, if I use rootbinddn for my proxyagent,

That probably doesn't do what you want it to. That option only changes the way that root binds to the directory, and won't affect nscd. It also won't allow normal users to use LDAP as an NSS source.


> that doesn't
> seem to work, but that works with binddn and bindpw. My
> file /etc/ldap.secret mode is 0600, owner is root.root

That won't work, either. You can't hide the login credentials from your users. In order for the system to use LDAP as an NSS source, users must be able to bind to the directory and search for the relevant information. You can accomplish that in one of two ways:
1: Use ACIs in your directory that allow anonymous reads of non-sensitive fields like name, uid, gid, home directory, and allow anonymous authentication against the password attribute.
2: Create a user in the directory who can do all of the above, and put its credentials in ldap.conf with 0444 permissions.


Either way, users need to be able to make the queries, even if you're using nscd.
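
The following check is an added example, not part of the original message or of nss_ldap itself: it audits an ldap.conf for the cases discussed above (rootbinddn alone, a bind account in a file users cannot read, anonymous binds). The function names, return codes and sample DNs are hypothetical.

```shell
#!/bin/sh
# Added example; function names and return codes are hypothetical.

# Print the first value of a directive, skipping comments and blank lines.
conf_value() {
    awk -v key="$2" 'tolower($1) == key { print $2; exit }' "$1"
}

# 0 = usable by non-root users, 1 = only root has a bind identity,
# 2 = file not world-readable, 3 = file missing.
check_nss_ldap_conf() {
    conf=$1
    [ -f "$conf" ] || { echo "missing: $conf"; return 3; }
    if [ -z "$(find "$conf" -prune -perm -004)" ]; then
        echo "$conf is not world-readable: non-root lookups cannot load it"
        return 2
    fi
    binddn=$(conf_value "$conf" binddn)
    bindpw=$(conf_value "$conf" bindpw)
    rootbinddn=$(conf_value "$conf" rootbinddn)
    if [ -n "$binddn" ] && [ -n "$bindpw" ]; then
        echo "binddn/bindpw set: every local user can read this password,"
        echo "so the account should hold read-only rights on NSS attributes"
        return 0
    fi
    if [ -n "$rootbinddn" ]; then
        echo "rootbinddn only: root binds with it, other users bind anonymously"
        return 1
    fi
    echo "anonymous binds: directory ACIs must allow anonymous reads"
    return 0
}

# Constructed sample resembling the configuration in the question.
sample=$(mktemp)
printf 'base dc=example,dc=com\nrootbinddn cn=proxyagent,dc=example,dc=com\n' > "$sample"
chmod 0644 "$sample"
check_nss_ldap_conf "$sample" || true
rm -f "$sample"
```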

