Bug#402010: gosa leaves the ldap admin password readable by any web application

2008-04-03 Thread Cajus Pollmeier
Petter's proposal does not work with GOsa, because it doesn't fit the concept. The users do not know the ldap admin password - and they shouldn't. Like they shouldn't know the database passwords for a web application of your choice. I don't get the problem - sorry. I can place a note in the

Bug#402010: gosa leaves the ldap admin password readable by any web application

2006-12-07 Thread Finn-Arne Johansen
Package: gosa Version: 2.5.6-2 Severity: critical Tags: security Justification: root security hole The documentation in gosa tells the admin to install gosa.conf under /etc/gosa/gosa.conf, and to make it readable by the group www-data. In this configuration file, the ldap admin password is

Bug#402010: gosa leaves the ldap admin password readable by any web application

2006-12-07 Thread Martin Schulze
Finn-Arne Johansen wrote: Package: gosa Version: 2.5.6-2 Severity: critical Tags: security Justification: root security hole The documentation in gosa tells the admin to install gosa.conf under /etc/gosa/gosa.conf, and to make it readable by the group www-data. In this configuration

Bug#402010: gosa leaves the ldap admin password readable by any web application

2006-12-07 Thread Cajus Pollmeier
On Thursday 07 December 2006 14:37, Finn-Arne Johansen wrote: Package: gosa Version: 2.5.6-2 Severity: critical Tags: security Justification: root security hole The documentation in gosa tells the admin to install gosa.conf under /etc/gosa/gosa.conf, and to make it readable by the

Bug#402010: gosa leaves the ldap admin password readable by any web application

2006-12-07 Thread Finn-Arne Johansen
Cajus Pollmeier wrote: On Thursday 07 December 2006 14:37, Finn-Arne Johansen wrote: Package: gosa Version: 2.5.6-2 Severity: critical Tags: security Justification: root security hole The documentation in gosa tells the admin to install gosa.conf under /etc/gosa/gosa.conf, and to make

Bug#402010: gosa leaves the ldap admin password readable by any web application

2006-12-07 Thread Petter Reinholdtsen
One way to solve it is to require the people accessing the LDAP database using the web to provide the LDAP admin password during the interaction, and not store it in clear text on the server. One way to avoid having to pass the LDAP admin password every time is to store it in a cookie. It would