* [gentoo-user] LDAP with no privileged login
From: Leandro Melo de Sales @ 2006-10-12 15:50 UTC
To: gentoo-user
Hi list,
I've configured an LDAP server to be used as a users database. Now, I
want to set up Linux box clients to auth against the LDAP server. I
installed ldap-pam and ldap-nss. In the /etc/ldap.conf file I have to
provide the rootdn password. What is the best way to do this, since the
configuration file has to be readable by all? I think that using a
privileged login in this situation (even if I use an /etc/ldap.secret
file) is dangerous. So, should I create an LDAP user just to be used
as a rootdn login? How can I create a nonprivileged login?
Thank you,
Leandro.
--
gentoo-user@gentoo.org mailing list
* Re: [gentoo-user] LDAP with no privileged login
From: Pawel Kraszewski @ 2006-10-12 16:39 UTC
To: gentoo-user
On Thursday, 12 October 2006 17:50, Leandro Melo de Sales wrote:
> I've configured an LDAP server to be used as a users database. Now, I
> want to set up Linux box clients to auth against the LDAP server. I
> installed ldap-pam and ldap-nss. In the /etc/ldap.conf file I have to
> provide the rootdn password. What is the best way to do this, since the
> configuration file has to be readable by all? I think that using a
> privileged login in this situation (even if I use an /etc/ldap.secret
> file) is dangerous. So, should I create an LDAP user just to be used
> as a rootdn login? How can I create a nonprivileged login?
1. You create a user in the LDAP tree _outside_ the ou=people tree
2. Set a password for it and disable shell login (just in case)
3. Tell ldap-nss to use this user as binddn= with pass bindpw=
4. Allow the owner of the record (logged-on user) to change his/her password
--
Pawel Kraszewski
www.kraszewscy.net
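The four steps above written out, as an added example that is not part of the original thread: shell functions that print the LDIF for the bind-only entry, the matching /etc/ldap.conf lines, and one possible OpenLDAP slapd.conf ACL set. The suffix dc=example,dc=com, ou=services, cn=nssproxy, the function names and the use of OpenLDAP on the server are all assumptions.

```shell
# Added example. Assumed names: dc=example,dc=com, ou=services, cn=nssproxy.
BASE="dc=example,dc=com"
PROXY_DN="cn=nssproxy,ou=services,$BASE"

# Steps 1-2: bind-only entry outside ou=people. It carries no posixAccount
# class, so NSS never lists it as a Unix user and it has no login shell.
# Load with: proxy_ldif "$(slappasswd)" | ldapadd -x -D "<your rootdn>" -W
proxy_ldif() {  # $1 = password hash for the proxy entry
cat <<EOF
dn: ou=services,$BASE
objectClass: organizationalUnit
ou: services

dn: $PROXY_DN
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: nssproxy
userPassword: $1
EOF
}

# Step 3: lines for the world-readable /etc/ldap.conf on each client.
client_conf() {  # $1 = cleartext password of the proxy entry
cat <<EOF
base $BASE
binddn $PROXY_DN
bindpw $1
EOF
}

# Step 4: slapd.conf ACLs. Owners may change their own password; the proxy
# can read entries for lookups but never sees userPassword.
server_acl() {
cat <<EOF
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to *
    by dn.exact="$PROXY_DN" read
    by self read
    by * none
EOF
}

# Sanity check: fail if a client file has no binddn or one under ou=people.
check_binddn() {  # $1 = path to a client ldap.conf
    dn=$(sed -n 's/^binddn[[:space:]][[:space:]]*//p' "$1")
    case "$dn" in ''|*,ou=[Pp]eople,*) return 1 ;; esac
}
```

Because bindpw sits in a file every local user can read, the first ACL is what limits the exposure: anyone holding the proxy password can search entries but gets no access to userPassword.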