Bug 41586 - openldap and nss_ldap use different ldap.conf
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server
Hardware: x86 Linux
Importance: High normal
Assignee: Robin Johnson
Reported: 2004-02-14 14:45 UTC by Lars Kneschke
Modified: 2004-03-08 18:55 UTC

Description Lars Kneschke 2004-02-14 14:45:14 UTC
nss_ldap is using /etc/ldap.conf and openldap is using /etc/openldap/ldap.conf. So you have to edit 2 files with the same content. I think both apps should use the same file.

Reproducible: Always
Comment 1 Holger Thon 2004-02-28 03:30:16 UTC
/etc/ldap.conf configures how nss_ldap should authenticate against an LDAP server, resolve hosts, etc. (e.g. base dn, if you use rfc2307bis contexts or something different, bind dn and password for retrieving passwords). So it contains sensitive information which should only be accessible by the administrator.

/etc/openldap/ldap.conf configures the behaviour of client apps only (server to use, connect options - like client certificates, base search dn, etc.)
It contains _no_ information about how clients should interpret information stored on the server. As any client apps may use it, it's world readable and should not be merged with /etc/ldap.conf for security reasons.

So it's not a bug, it's a feature ;-)
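
The separation described in Comment 1 can be checked on a host. The following is an added example, not part of the original comment or of either package: it audits the two paths named in this bug, assuming the bind password appears as an uncommented `bindpw` line; `audit` and its `holds_secrets` flag are hypothetical names.

```python
import os
import re
import stat
import sys

# Assumption: the bind password sits in an uncommented "bindpw <value>" line.
BINDPW = re.compile(r"^[ \t]*bindpw[ \t]+\S", re.IGNORECASE | re.MULTILINE)


def audit(path, holds_secrets):
    """Return findings for one file (hypothetical helper, not from either package).

    holds_secrets=True  -> nss_ldap style file, administrator-only access expected
    holds_secrets=False -> client defaults, world-readable and credential-free
    """
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
        with open(path, encoding="utf-8", errors="replace") as fh:
            has_bindpw = bool(BINDPW.search(fh.read()))
    except OSError as exc:
        return [f"{path}: cannot inspect ({exc.strerror})"]

    findings = []
    if holds_secrets:
        if mode & 0o077:
            findings.append(f"{path}: mode {mode:04o} grants group/other access")
    else:
        if not mode & stat.S_IROTH:
            findings.append(f"{path}: mode {mode:04o} is not world-readable")
        if has_bindpw:
            findings.append(f"{path}: bindpw found in a client-wide file")
    return findings


if __name__ == "__main__":
    # Paths as named in the bug report.
    report = audit("/etc/ldap.conf", True) + audit("/etc/openldap/ldap.conf", False)
    print("\n".join(report) or "ok")
    sys.exit(1 if report else 0)
```

The check looks only at mode bits and file content; file ownership is not verified.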
Comment 2 Robin Johnson 2004-03-08 18:55:46 UTC
closing, not a bug.
thanks for the good explanation holger.