On 17.2.2013 20:05, Rajnesh Kumar Siwal wrote:
Please guide us about the LDAP user
"uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com".
Does it has a read only access or read-write access to the
"uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com" ?
Because the file /etc/ldap.conf is readable by all the users, so I am
concerned about the security.


You can get effective access rights for any DN:

Command example:
/usr/lib64/mozldap/ldapsearch -D "cn=directory manager" -w secret -p 389 -h server.example.com -b "dc=example,dc=com" -s sub -J 1.3.6.1.4.1.42.2.27.9.5.2:true:dn:uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com "(objectclass=*)"

Example was taken from section 8.4.11:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Examples-of-common-ldapsearches.html

Effective access rights description:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Viewing_the_ACIs_for_an_Entry-Get_Effective_Rights_Control.html

--
Petr^2 Spacek

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to