On Tue, 2007-05-15 at 13:56 -0700, Joshua M. Miller wrote:
> The premise here is that you need the ldap user to start ldap...after
> that, who cares, right? I would not configure any daemon users in ldap
> and I have no issues with my system, this is primarily to allow OpenLDAP
> restart without waiting and to always allow root logins. I would not
> add anything more than root and ldap to this configuration.
>
> There is more than one way to do it, but I prefer belt and suspenders when
> it comes to authentication.
>
----
I agree and the curious thing is that I have done it this way since RHEL 3 (though with RHEL 3, I compiled 2.2.x versions of openldap instead of using 2.0.x) and I never had an issue with being able to log in as root with the same settings.
This server had RHEL 3 and lost 2 hard drives in my RAID 5 array and it made more sense to just do a clean install of RHEL 5 and copy the files that I needed and so things like /etc/ldap.conf and /etc/nsswitch.conf (the padl stuff) were the exact same and that was now a problem on RHEL 5.

Thanks to the list for making this manageable.

Craig
