Holger Levsen wrote: > Hi, > > On Montag, 10. Mai 2010, Andreas B. Mundt wrote: >>> after having thought a bit more about the password issue, I think >>> we perhaps should add one more question during >>> installation/configuration of the main server: Enter the LDAP >>> password. > > I think thats a bad idea, as we already ask for the root password. > > We didnt want a(nother) password ldap-admin with lwat, so I dont see why we > want it with gosa. > >>> What do you think? Any better ideas? >> next idea: how about creating this (gosa-) password randomly and use >> the "old" root pw in addition for command line tools? > > so the gosa password would be for an account with the same right as ldap > admin, but with another name? (So that password can be random..)
I think a spesific service account similar to smbadmin (gosadmin?) with random password is the best option. Why does gosa need this access anyway ? Could gosa not ask the user for the password to bind to ldap? In the same way that lwat does it today ? Or are there cronjobs _writing_ to ldap ? sep -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
