In the last episode (May 24), Mohacsi Janos said:
> I think there are some architectural issues with the current
> implementation of nsswitch or nsdispatch(3). Let's assume you want
> to authenticate against an LDAP database. You will install nss_ldap
> from ports. You configure nss_ldap.conf with binddn and its bindpw.
> Here comes the problem:
>
> 1. If the permission of nss_ldap.conf is 0400, since it contains the
> clear text password of the binddn, then an ordinary user cannot bind
> to the database and cannot get UID->name information from the LDAP
> database. See output:
>
> [EMAIL PROTECTED]> ls -l /home
> total 6
> drwxr-xr-x  3 9027  wheel  512 May 23 17:57 user1
> drwxrwxr-x  3 root  9030   512 May 23 15:14 documents
> drwxr-xr-x  2 9013  9013   512 May 23 15:13 user2
> ....
You should be able to grant the anonymous user read access to user/group names and group membership attributes. That way you can do simple things like name->uid lookups without having to bind at all.

--
Dan Nelson
[EMAIL PROTECTED]
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
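As an added illustration of Dan's suggestion (not part of the original thread), here is an OpenLDAP slapd.conf ACL that lets anonymous clients read only the attributes nss_ldap needs for passwd/group lookups while keeping userPassword private, followed by a matching nss_ldap.conf that carries no binddn/bindpw and so can safely be world-readable. The suffix dc=example,dc=org, the ou=People/ou=Group containers, the server name and the 10.0.0.0/24 network are made-up placeholders.

```conf
# ---- slapd.conf (OpenLDAP server side) ----
# ACLs are evaluated in order: the first "access to" clause matching the
# attribute decides.  Password hashes come first so nothing below leaks them:
# the owner may change them, anonymous may only use them for a simple bind.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# Attributes nss_ldap reads for getpwnam(3)/getpwuid(3).  "entry" is the
# pseudo-attribute that must be readable for search results to be returned.
# Anonymous read is what lets an unprivileged process resolve UID -> name
# without any credentials.  The peername line (placeholder network) limits
# account enumeration to the local LAN; drop it if the server is firewalled.
access to dn.subtree="ou=People,dc=example,dc=org"
        attrs=entry,objectClass,uid,uidNumber,gidNumber,cn,gecos,homeDirectory,loginShell
        by peername.ip=10.0.0.0%255.255.255.0 read
        by users read
        by * none

# Attributes nss_ldap reads for getgrnam(3)/getgrgid(3) and group membership.
access to dn.subtree="ou=Group,dc=example,dc=org"
        attrs=entry,objectClass,cn,gidNumber,memberUid
        by peername.ip=10.0.0.0%255.255.255.0 read
        by users read
        by * none

# Everything else (shadow attributes, mail, phone, ...) stays with the owner.
access to *
        by self read
        by * none

# ---- /usr/local/etc/nss_ldap.conf (FreeBSD client side) ----
# No binddn/bindpw here, so the file can be mode 0444: lookups use an
# anonymous bind and succeed for any local user, which is the point of the ACL.
uri             ldap://ldap.example.org/
base            dc=example,dc=org
nss_base_passwd ou=People,dc=example,dc=org?one
nss_base_group  ou=Group,dc=example,dc=org?one
```

A useful check after deploying the ACL is to run an anonymous ldapsearch for a posixAccount entry from a client: uid, uidNumber and gidNumber should come back while userPassword never appears in the result.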