[contribteam] [Bug 5762] Do not use the root user, but configure a specific user to read the LDAP database

Tue, 05 Nov 2013 20:50:51 -0800 

==================================================================
  Please DO NOT REPLY to this mail or send email to the developers
  about this bug. Please follow-up to Bugzilla using this link:
    http://bugs.contribs.org/show_bug.cgi?id=5762

  Have you checked the Frequently Asked Questions (FAQ)?
    http://wiki.contribs.org/SME_Server:Documentation:FAQ

  Please also take the time to read the following useful guide:
    http://www.chiark.greenend.org.uk/~sgtatham/bugs.html
==================================================================

Unnilennium <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CONFIRMED                   |IN_PROGRESS
            Version|7.4                         |8.0

--- Comment #4 from Unnilennium <[email protected]> ---
well new version of phpldadmin on SME8  allow me to understand how to trick
that :


by default we could put :
$servers->setValue('server','tls',false);
$servers->setValue('login','anon_bind',true);
$servers->setValue('login','attr','uid');
$servers->setValue('login','auth_type','http');
$servers->SetValue('login','bind_id','cn=root,[...]');
$servers->setValue('login','bind_pass','passwdhere');

or if the user wants to mess up :

$servers->setValue('server','tls',false);
$servers->setValue('login','anon_bind',true);
$servers->setValue('login','attr','dn');
$servers->setValue('login','auth_type','config');
$servers->SetValue('login','bind_id','cn=root,[...]');
$servers->setValue('login','bind_pass','passwdhere');



alternatively we can add to /etc/openldap/slapd.conf :

access to *
        by dn="uid=admin,ou=Users,[...]" manage


I will patch the current smeserver-phpldapadmin to allow to only wiew as admin
ad default, and if the option unsecure=enable switch to connect as root to ldap
while connected as admin in httpd.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

_______________________________________________
Mail for each SME Contribs bug report
To unsubscribe, e-mail [email protected]
Searchable archive at http://lists.contribs.org/mailman/public/contribteam/

Reply via email to