Maybe.
I will be using an anonymous (NULL basedn and password) connection for my LDAP patch initially. Are your automount maps confidential?
No, they aren't.
However, as openldap defaults, and more and more security defaults, are removing anonymous access, it doesn't work anymore if you keep with defaults!
It is also a problem for openldap ACL; today, with autofs looking up maps anonymously, I had to add a specific ACL:
access to attr=uid,objectclass,entry,ou,automountInformation,cn
        by dn="^$$" read
What is the need to password protect them? The only question is will a bind with NULL basedn and password work with LDAP v2 and v3 in general as well as OpenLDAP 2.0 and OpenLDAP 2.1?
Why not implement a real binddn/bindpassword as it is in /etc/ldap.conf:
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn cn=proxyuser,dc=example,dc=com
# The credentials to bind with.
# Optional: default is no credential.
bindpw secret
-----Original Message-----
From: Jehan PROCACCIA [SMTP:[EMAIL PROTECTED]
Sent: Tuesday, July 22, 2003 3:14 PM
To: Kent, Ian I.
Cc: [EMAIL PROTECTED]
Subject: Re: [autofs] autofs and openldap2.1
It is already in a config file for pam/nss ldap, in /etc/ldap.conf.
If autofs could actually use that file to retrieve binddn/password, that would be fine.
Kent, Ian I. wrote:
>
> But the password would need to be specified in a config. somewhere.
> How would you read master maps?
>
> -----Original Message-----
> From: Jehan PROCACCIA [SMTP:[EMAIL PROTECTED]
> Sent: Monday, July 21, 2003 3:47 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: [autofs] autofs and openldap2.1
>
> A workaround is adding this to slapd.conf:
>
> # The next line allows LDAPv2 bind requests, which are disabled by default.
> allow bind_v2 bind_anon_dn
>
> However, that would be fine to have an autofs patch with something that
> allows to use a binddn/bindpassword pair instead of anonymous bind!
>
> [EMAIL PROTECTED] wrote:
> > Hello,
> >
> > I'm looking into upgrading my ldap server to 2.1.
> > In 2.1 of openldap they no longer allow you to bind to a DN w/ a null
> > password and get anon access (you need to use a null DN as well):
> >
> > sjh% ldapsearch -x -h server -D ou=People,dc=foo,dc=com -W uid=sjh
> > Enter LDAP Password:
> > ldap_bind: DSA is unwilling to perform
> > additional info: unauthenticated bind (DN with no password) disallowed
> >
> > autofs binds in this way: (lookup_ldap.c line 96)
> > /* Connect to the server as an anonymous user. */
> > rv = ldap_simple_bind_s(ldap, ctxt->base, NULL);
> >
> > Is this done for a reason, or is it historical?
> >
> > -Seth
> > _______________________________________________
> > autofs mailing list
> > [EMAIL PROTECTED]
> > http://linux.kernel.org/mailman/listinfo/autofs
>
> --
> Jehan Procaccia | Ingenieur Systemes & Reseaux
> Institut National des Telecommunications| Tel : +33 (0) 160764436
> MCI, Moyens Communs Informatiques | Mail: [EMAIL PROTECTED]
> 9 rue Charles Fourier 91011 Evry France | Fax : +33 (0) 160764321
--
Jehan Procaccia | Ingenieur Systemes & Reseaux
Institut National des Telecommunications| Tel : +33 (0) 160764436
MCI, Moyens Communs Informatiques | Mail: [EMAIL PROTECTED]
9 rue Charles Fourier 91011 Evry France | Fax : +33 (0) 160764321
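
The three bind cases discussed in this thread (NULL DN and password, DN with no password, and a binddn/bindpw pair read from /etc/ldap.conf), as an added example that is not code from autofs, nss_ldap or any poster. The names parse_bind_cfg, choose_bind, bind_mode, bind_cfg and SAMPLE_CONF are hypothetical, and matching the keys case-sensitively is an assumption.

```c
#include <ctype.h>
#include <string.h>

enum bind_mode { BIND_ANONYMOUS, BIND_AUTHENTICATED, BIND_INVALID };
struct bind_cfg { char dn[256]; char pw[128]; };

/* Constructed sample, modelled on the /etc/ldap.conf excerpt in the thread. */
const char SAMPLE_CONF[] = "# Optional: default is to bind anonymously.\n"
    "binddn cn=proxyuser,dc=example,dc=com\nbindpw secret\n";

/* If line starts with "<key> <value>", copy value to out. Returns 1 on a match,
 * 0 on no match, -1 if the value does not fit (a DN or password is never cut). */
static int take_value(const char *line, const char *key, char *out, size_t outsz)
{
    size_t klen = strlen(key), n;
    line += strspn(line, " \t");
    if (strncmp(line, key, klen) != 0 || !isspace((unsigned char)line[klen]))
        return 0;                       /* comment lines start with '#': no match */
    line += klen + strspn(line + klen, " \t");
    n = strcspn(line, "\r\n");
    while (n > 0 && isspace((unsigned char)line[n - 1])) n--;
    if (n >= outsz) return -1;
    memcpy(out, line, n);
    out[n] = '\0';
    return 1;
}

/* Scan ldap.conf-style text for binddn/bindpw. Returns 0, or -1 on an oversized value. */
int parse_bind_cfg(const char *text, struct bind_cfg *cfg)
{
    cfg->dn[0] = cfg->pw[0] = '\0';
    while (*text) {
        if (take_value(text, "binddn", cfg->dn, sizeof cfg->dn) < 0 ||
            take_value(text, "bindpw", cfg->pw, sizeof cfg->pw) < 0)
            return -1;
        text += strcspn(text, "\n");    /* advance to the next line */
        if (*text == '\n') text++;
    }
    return 0;
}

/* Decide what a caller should hand to ldap_simple_bind_s(). */
enum bind_mode choose_bind(const struct bind_cfg *cfg)
{
    int has_dn = cfg->dn[0] != '\0', has_pw = cfg->pw[0] != '\0';
    if (!has_dn && !has_pw) return BIND_ANONYMOUS;     /* bind with (NULL, NULL) */
    if (has_dn && has_pw)   return BIND_AUTHENTICATED; /* bind with (dn, pw) */
    return BIND_INVALID; /* DN with no password: the bind OpenLDAP 2.1 refuses */
}
```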
