Re: Re: pam_ldap + nscd




On Mon, 2007-10-01 at 07:27 -0700, Craig White wrote:
> On Mon, 2007-10-01 at 07:40 -0500, Steve Rigler wrote:
> > On Sun, 2007-09-30 at 19:15 +0200, Felix Schwarz wrote:
> > > Eventually I found the problem:
> > > nscd did bind anonymously and slapd was configured to prevent access to ldap 
> > > information by anonymous users. I thought that specifying "rootbinddn" and the 
> > > correct password in ldap.secret would prevent that but obviously nscd needs 
> > > "binddn" and "bindpw" in ldap.conf.
> > > 
> > > fs
> > > 
> > 
> > nscd runs as user "nscd" so it's not going to use rootbinddn.
> ----
> rootbinddn does not have anything to do with 'user root'
> 
> 'User root' can bind as whatever is in /root/.ldaprc which by default is
> nothing which will default to whatever values are set as binddn/bindpw
> in /etc/ldap.conf
> 
> rootbinddn is the all-powerful bind of LDAP
> 
> Craig

It has a lot to do with user root if you use rootbinddn in
"/etc/ldap.conf" and put the password into "/etc/ldap.secret" which
should only be readable by root.

-Steve
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
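
The check discussed in this thread, as an added example that is not part of any poster's message: given an ldap.conf-style file and an effective UID, report which bind identity applies, and verify that the secret file is not accessible to group or others. It assumes the nss_ldap/pam_ldap rule that `rootbinddn` is used only when the effective UID is 0 and that a process with no applicable DN binds anonymously; the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: which LDAP bind identity applies for a given effective UID?

# ldap_conf_value FILE KEY -> value of KEY, skipping comment lines.
# If KEY appears more than once the last one is printed (an assumption).
ldap_conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { if (val != "") print val }
    ' "$1"
}

# bind_identity FILE UID -> "rootbinddn:<dn>", "binddn:<dn>" or "anonymous"
bind_identity() {
    rootdn=$(ldap_conf_value "$1" rootbinddn)
    dn=$(ldap_conf_value "$1" binddn)
    if [ "$2" -eq 0 ] && [ -n "$rootdn" ]; then
        echo "rootbinddn:$rootdn"
    elif [ -n "$dn" ]; then
        echo "binddn:$dn"
    else
        echo "anonymous"
    fi
}

# secret_mode_ok FILE -> succeeds only if group and others have no access bits
# (uses GNU stat, as found on CentOS)
secret_mode_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    case "$mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# Constructed sample config: rootbinddn is set, binddn/bindpw are not.
conf=$(mktemp)
printf '%s\n' 'base dc=example,dc=com' \
    'rootbinddn cn=Manager,dc=example,dc=com' > "$conf"
echo "uid 0:    $(bind_identity "$conf" 0)"
echo "uid 1000: $(bind_identity "$conf" 1000)"   # any non-root daemon user
rm -f "$conf"
```

On a real host, point `bind_identity` at `/etc/ldap.conf` with the UID of the daemon in question and `secret_mode_ok` at `/etc/ldap.secret`.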
