On Wed, Sep 05, 2001 at 11:35:06PM +0800, Federico Sevilla III wrote (wyy sez):
> Thank you Orly for your wonderfully prompt reply. It's nice to live in the
> same screwed up timezone as fellow geeks. ;>
>
> On Wed, 5 Sep 2001 at 23:16, Orlando Andico wrote:
> > ldapsearch -D "cn=root,dc=fubar,dc=org" -x -W -h 127.0.0.1 "uid=jijo"
>
> This shows everything (including the password since root is allowed to see
> that). Running ldapsearch plainly as in "ldapsearch -x" shows all my users
> and all the data (excluding the userPassword field).
>
> I also installed ldap-utils on the client and things work fine, too (can
> view anyone, and as root can view anyone's userPassword in whatever
> encryption became of them).
>
ummm. you can restrict the fields that are viewable in ldap. the
configuration file is in /etc/openldap/slapd.conf
it can be defined in the form:

    access to <what> [ by <who> <access> <control> ]+

look at your LDAP administrators guide for more details. we basically
have a student email system running on openldap. it seems to be working
fine. by setting access permissions it would enable only certain users
to view certain fields. cool diba?
> > If you can.. on to the next step!
>
> Whee! ;>
>
> > you can get nss_ldap to work fairly easily (assuming you can connect
> > and query), see the /etc/ldap.conf file for nss_ldap
>
> No need for pam_ldap?
>
--
--------------------------------------
William Emmanuel S. Yu
Ateneo Cervini-Eliazo Networks (ACENT)
email : [EMAIL PROTECTED]
web : http://cersa.admu.edu.ph
phone : 63(2)4266001-5925/5904
GPG : http://sysads.ateneo.net/wyu/wyy.pgp
But scientists, who ought to know
Assure us that it must be so.
Oh, let us never, never doubt
What nobody is sure about.
-- Hilaire Belloc
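
An added example, not part of the original message: a slapd.conf fragment using the "access to <what> by <who> <access>" form described above to hide userPassword and limit a couple of personal fields. The attributes homePhone and homePostalAddress and the DN cn=helpdesk,dc=fubar,dc=org are assumptions chosen for illustration; only the dc=fubar,dc=org suffix comes from the thread.

```conf
# /etc/openldap/slapd.conf (fragment) -- illustrative example, not from the thread
#
# slapd checks "access to" rules in file order and stops at the first
# <what> that matches the target; inside that rule the first matching
# "by <who>" clause decides. A rule with no matching "by" means no access.
# The rootdn bypasses these rules entirely, which is why a bind as
# cn=root,dc=fubar,dc=org still returns userPassword.

# Password hashes: the owner may change them, an anonymous client may only
# use them to authenticate a bind, and nobody else can read them.
# (2.0-era releases spell the selector attr= instead of attrs=.)
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Personal fields: writable by the owner, readable by one support account
# (hypothetical DN), hidden from everyone else including anonymous.
access to attrs=homePhone,homePostalAddress
    by self write
    by dn="cn=helpdesk,dc=fubar,dc=org" read
    by * none

# Everything else: authenticated users may read, anonymous clients may only
# bind. With this last rule a plain "ldapsearch -x" no longer lists users,
# so nss_ldap would need its own bind DN in /etc/ldap.conf.
access to *
    by users read
    by anonymous auth
```

Restart slapd after editing, then repeat the "ldapsearch -x" query without -D to confirm the restricted fields are no longer returned.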