On Thursday, 12 October 2006 17:50, Leandro Melo de Sales wrote:
> I've configured an LDAP server to be used as a users database. Now, I
> want to set up Linux box clients to auth against the LDAP server. I
> installed ldap-pam and ldap-nss. In the /etc/ldap.conf file I have to
> give the rootdn password. What is the best way to do this, since the
> configuration file has to be readable by all? I think that using a
> privileged login in this situation (even if I use the /etc/ldap.secret
> file) is dangerous. So, should I create an LDAP user just to be used
> as a rootdn login? How can I create a nonprivileged login?

1. You create a user in the LDAP tree _outside_ the ou=people tree
2. Set a password for it and disable shell login (just in case)
3. Tell ldap-nss to use this user as binddn= with pass bindpw=
4. Allow the owner of the record (logged-on user) to change his/her password

-- 
 Pawel Kraszewski
 www.kraszewscy.net
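One way to check a client against steps 1 to 3 above, as an added example that is not part of the original thread: a small Python audit of an nss_ldap-style /etc/ldap.conf and the LDIF of the bind entry. The DNs, the ou=services container, the password values and all function names are constructed for illustration; step 4 (the server-side ACL) is not covered.

```python
import re

NOLOGIN = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

def parse_kv(text, sep):
    """{key: value} from 'key<sep>value' lines; skips blanks and # comments."""
    out = {}
    for line in (l.strip() for l in text.splitlines()):
        if line and not line.startswith("#"):
            key, _, value = (re.split(f"({sep})", line, maxsplit=1) + ["", ""])[:3]
            out[key.lower()] = value.strip()
    return out

def rdns(dn):
    """DN as a list of lower-case RDNs (simplified: no escaped commas)."""
    return [re.sub(r"\s*=\s*", "=", p.strip().lower()) for p in dn.split(",")]

def is_under(dn, base):
    """True when dn lies strictly below base in the tree."""
    d, b = rdns(dn), rdns(base)
    return len(d) > len(b) and d[-len(b):] == b

def audit(ldap_conf, bind_entry_ldif, rootdn, people_base):
    """Return findings for the client config and (optionally) the bind entry."""
    conf = parse_kv(ldap_conf, r"\s+")
    entry = parse_kv(bind_entry_ldif, r":\s*")
    binddn, findings = conf.get("binddn", ""), []
    if not binddn or not conf.get("bindpw"):
        findings.append("binddn/bindpw not set")
    if binddn and rdns(binddn) == rdns(rootdn):
        findings.append("binddn is the server rootdn")
    if binddn and is_under(binddn, people_base):
        findings.append("binddn is inside the people subtree")
    if entry:
        if rdns(entry.get("dn", "")) != rdns(binddn):
            findings.append("LDIF entry is not the binddn entry")
        if entry.get("loginshell", "/bin/false") not in NOLOGIN:
            findings.append("bind account has a usable login shell")
        if "userpassword" not in entry:
            findings.append("bind account has no password")
    return findings

# Constructed samples: weak client config, corrected config, and its bind entry.
ROOTDN, PEOPLE = "cn=Manager,dc=example,dc=com", "ou=people,dc=example,dc=com"
WEAK_CONF = "binddn cn=Manager,dc=example,dc=com\nbindpw constructed-secret\n"
GOOD_CONF = "binddn cn=nss-bind,ou=services,dc=example,dc=com\nbindpw constructed-secret\n"
BIND_ENTRY = ("dn: cn=nss-bind,ou=services,dc=example,dc=com\n"
              "objectClass: organizationalRole\nobjectClass: simpleSecurityObject\n"
              "cn: nss-bind\nuserPassword: {SSHA}constructed-placeholder\n")

if __name__ == "__main__":
    print(audit(WEAK_CONF, "", ROOTDN, PEOPLE))
    print(audit(GOOD_CONF, BIND_ENTRY, ROOTDN, PEOPLE))
```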

