Am Montag 10 Mai 2010, 12:15:05 schrieb Andreas B. Mundt: > Hi all, > > as you probably noticed I currently try to implement gosa in > debian-edu as admin tool to manage users and groups (so far). To use > gosa out of the box after installation, I already prepared the > necessary configurations and the templates added to ldap during > ldap-bootstrap, and things look promising. > > I currently have only one problem left: How to put the ldap rootdn > password in the gosa.conf file. After the (cleartext) password has > been dropped there during install, we can use gosa-encrypt-passwords to > encrypt it and make sure no cleartext passwords remain. > > Afaik, we drop the root password hash (for example into ldap) during > install to allow password checks, but we have no cleartext password > around. > > Is it possible to base the gosa password check on that hash (dropped > somewhere during install) too? Or are there any other ways to avoid > cleartext even during installation?
Hmm. I'm not sure if I understand what you're trying to do... GOsa needs the (effective) clear text password to authenticate itself to the LDAP service. The hashing used by "gosa-encrypt-password" is just to avoid that the authentication data is readable by any other 'whatsoever' running as www-data. If you know the password before installing, you need to generate the key set in the gosa-apache.conf and the one in the gosa.conf to make the final authentication work. HTH, Cajus -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
