| Summary: | openldap and nss_ldap use different ldap.conf | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Lars Kneschke <lars> |
| Component: | [OLD] Server | Assignee: | Robin Johnson <robbat2> |
| Status: | RESOLVED INVALID | | |
| Severity: | normal | | |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | x86 | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |

Description
Lars Kneschke
2004-02-14 14:45:14 UTC
/etc/ldap.conf configures how nss_ldap should authenticate against an LDAP server, resolve hosts, etc. (e.g. base dn, whether you use rfc2307bis contexts or something different, bind dn and password for retrieving passwords). So it contains sensitive information which should only be accessible by the administrator.

/etc/openldap/ldap.conf configures the behaviour of client apps only (server to use, connect options - like client certificates, base search dn, etc.). It contains _no_ information on how clients should interpret information stored on the server. Because any client app may use it, it's world readable and should not be merged with /etc/ldap.conf for security reasons.

So it's not a bug, it's a feature ;-)

Closing, not a bug. Thanks for the good explanation, holger.
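
Added example (not part of the original bug report, and not code from Gentoo, OpenLDAP or nss_ldap): a small audit of the split described above, flagging a bind password in the world-readable client file or a password-bearing file that others can read. It assumes `bindpw` is the directive holding the bind password; the function names, finding codes and sample file contents are constructed for illustration.

```python
import os
import stat
import tempfile

SECRET_DIRECTIVES = {"bindpw"}  # assumption: bind password directive read by nss_ldap

def directives(path):
    """Return the lowercased directive names set in an ldap.conf-style file."""
    names = set()
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            fields = line.split()
            if fields and not fields[0].startswith("#"):
                names.add(fields[0].lower())
    return names

def audit(path, client_file):
    """Return finding codes; client_file=True means the OpenLDAP client config."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    secrets = directives(path) & SECRET_DIRECTIVES
    findings = []
    if client_file:
        if secrets:
            findings.append("secret-in-client-file")  # the two files were merged
        if not mode & stat.S_IROTH:
            findings.append("client-file-not-world-readable")
    elif secrets and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("secret-file-readable-by-others")
    return findings

def write_sample(directory, name, text, mode):
    """Create a constructed sample file with an explicit permission mode."""
    path = os.path.join(directory, name)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    # Constructed sample contents, not taken from a real system.
    nss = "base dc=example,dc=org\nbinddn cn=proxy,dc=example,dc=org\nbindpw example-secret\n"
    client = "BASE dc=example,dc=org\nURI ldap://ldap.example.org\n"
    with tempfile.TemporaryDirectory() as d:
        for name, text, mode, is_client in [
            ("nss-ok", nss, 0o600, False), ("nss-open", nss, 0o644, False),
            ("client-ok", client, 0o644, True), ("merged", nss + client, 0o644, True),
        ]:
            print(name, audit(write_sample(d, name, text, mode), is_client))
```

On a real host, call `audit("/etc/ldap.conf", False)` and `audit("/etc/openldap/ldap.conf", True)` and treat any returned code as a finding to review.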