On Wed, 23 Jul 2003, Jehan PROCACCIA wrote:
Kent, Ian I. wrote:
Maybe. No, they aren't.
I will be using an anonymous (NULL basedn and password) connection for my LDAP patch initially.
Are your automount maps confidential?
However, as openldap defaults, and more and more security defaults, are removing anonymous access, it doesn't work anymore if you stick with the defaults!
It is also a problem for openldap ACLs; today, with autofs looking up maps anonymously, I had to add a specific ACL:
access to attr=uid,objectclass,entry,ou,automountInformation,cn by dn="^$$" read
Point taken.
What is the need to password protect them? Why not implement a real binddn/bindpassword as it is in /etc/ldap.conf:
The only question is will a bind with NULL basedn and password work with LDAP v2 and v3 in general as well as OpenLDAP 2.0 and OpenLDAP 2.1?
Where does /etc/openldap/ldap.conf fit in?
Actually, in the openldap world, /etc/ldap.conf is for nss/pam options, whereas /etc/openldap/ldap.conf holds the default parameters for the openldap tools (ldapadd, ldapsearch, etc.). Indeed, I noticed that autofs uses /etc/openldap/ldap.conf for information such as the openldap host to search by default. I had problems once, when I wanted not only the openldap master to be queried but also the replicas; I kept modifying /etc/ldap.conf! However, I finally put that in /etc/openldap/ldap.conf:
HOST masterldap slave1 slave2
What if OpenLDAP is not the LDAP being used? Yes, that might be a problem; I don't know if others use an /etc/ldap.conf or equivalent.
So are we saying best effort is adequate? I don't know about that patch; is there a doc on it? Is it already included in distribs? On my RH 9 system here's what I use:
I'm having enough trouble to get my current patch stable. I have a basic implementation for LDAP maps that adds support for direct map entries in either the automountMap or nisMap LDAP schema. Basically I merged the RedHat autofs v3 patch.
I will check it out further when the dust settles, not now.
$ rpm -qa | grep autofs
autofs-3.1.7-36
No (I suppose). I put this file in mode 600, owned by root; by running nscd with the root account, the information can be read through nscd while keeping /etc/ldap.conf protected!
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn cn=proxyuser,dc=example,dc=com
# The credentials to bind with.
# Optional: default is no credential.
bindpw secret
Does this entry support encryption?
_______________________________________________ autofs mailing list [EMAIL PROTECTED] http://linux.kernel.org/mailman/listinfo/autofs
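The thread's protection for a bindpw in /etc/ldap.conf is a root-owned, mode 600 file. The following added example (not code from the thread or from autofs) parses that file format and flags a bindpw that is not protected that way; the sample config is constructed, and `expected_uid` lets the check run as a non-root user.

```python
import os
import stat
import tempfile
# Constructed sample in the format quoted in the thread ("key value" lines,
# '#' comments, case-insensitive keys such as HOST vs binddn); not a real file.
SAMPLE_CONF = """\
# The distinguished name to bind to the server with.
binddn cn=proxyuser,dc=example,dc=com
# The credentials to bind with.
bindpw secret
HOST masterldap slave1 slave2
"""

def parse_ldap_conf(text):
    """Return {lowercased key: [value, ...]}; a value keeps its inner spaces."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        conf.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return conf

def audit_ldap_conf(path, expected_uid=0):
    """Return findings for a file carrying a bindpw; empty means it is protected."""
    with open(path) as f:
        conf = parse_ldap_conf(f.read())
    findings = []
    if "bindpw" not in conf:
        return findings  # anonymous bind: nothing secret to protect
    st = os.stat(path)
    if stat.S_IMODE(st.st_mode) & 0o077:
        findings.append("bindpw present but file is group/world readable")
    if st.st_uid != expected_uid:
        findings.append("bindpw present but file is not owned by the expected uid")
    return findings

def demo():
    """Audit the sample at mode 0644, then at 0600; returns both finding lists."""
    with tempfile.NamedTemporaryFile("w", suffix=".conf", delete=False) as f:
        f.write(SAMPLE_CONF)
        path = f.name
    try:
        os.chmod(path, 0o644)
        loose = audit_ldap_conf(path, expected_uid=os.getuid())
        os.chmod(path, 0o600)
        tight = audit_ldap_conf(path, expected_uid=os.getuid())
    finally:
        os.unlink(path)
    return loose, tight
```

A bindpw containing '#' would be cut at that character by the comment stripping, so quote-free passwords are assumed.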
