I setup a RHDS server for authentication along with my a test client, and everything seems to working well. Before I deploy this solution into production I would like to know what I can do in regards to security.
I got rid of my ldap.secret file, as I don't think I need it. I do not mind if root cannot change other peoples passwords from anywhere.
The next problem that I'm running into is that I currently have my binddn set to cn=Directory Manager, and thus my most important password is still writtent in clear text in ldap.conf. Can some one explain (or point to an article which shows) how to create another user to use for my binddn? Is it as simple as making a regular user, or do I need to adjust any particular permissions. I would prefer this user to be read-only.
Any particular tools to scan and see what can be accessed anonomously and what can be access with a particular binddn?
Any other recomendations?
I got rid of my ldap.secret file, as I don't think I need it. I do not mind if root cannot change other peoples passwords from anywhere.
The next problem that I'm running into is that I currently have my binddn set to cn=Directory Manager, and thus my most important password is still writtent in clear text in ldap.conf. Can some one explain (or point to an article which shows) how to create another user to use for my binddn? Is it as simple as making a regular user, or do I need to adjust any particular permissions. I would prefer this user to be read-only.
Any particular tools to scan and see what can be accessed anonomously and what can be access with a particular binddn?
Any other recomendations?
-- 389 users mailing list 389-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
