Hi Michael,

On Thu, 24 May 2007, Michael Bushkov wrote:

Hello Mohacsi,


Another solution(?) would be to limit binddn access to read-only (also limiting access to only a few attributes in LDAP); then exposing the bindpw would not create a big problem. However, maintenance of LDAP ACIs could be difficult: nss_ldap attribute mapping and attribute usage should be documented...

I think that limiting binddn access to read-only is the best practice whether you use nscd/cached or not. BTW, what kind of documentation do you need? I can possibly provide the necessary information.

I am only curious which LDAP attributes will be used... I would give access only to those attributes in our LDAP servers which are necessary...

Thanks for your answer.

Regards,

Janos Mohacsi
Network Engineer, Research Associate, Head of Network Planning and Projects
NIIF/HUNGARNET, HUNGARY
Key 70EF9882: DEC2 C685 1ED4 C95A 145F  4300 6F64 7B00 70EF 9882
