
Bug 41586

Summary: openldap and nss_ldap use different ldap.conf
Product: Gentoo Linux
Reporter: Lars Kneschke <lars>
Component: [OLD] Server
Assignee: Robin Johnson <robbat2>
Status: RESOLVED INVALID    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: x86   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Lars Kneschke 2004-02-14 14:45:14 UTC
nss_ldap is using /etc/ldap.conf and openldap is using /etc/openldap/ldap.conf. So you have to edit 2 files with the same content. I think both apps should use the same file.

Reproducible: Always
Comment 1 Holger Thon 2004-02-28 03:30:16 UTC
/etc/ldap.conf configures how nss_ldap should authenticate against an LDAP server, resolve hosts, etc. (e.g. base dn, if you use rfc2307bis contexts or something different, bind dn and password for retrieving passwords). So it contains sensitive information which should only be accessible by the administrator.

/etc/openldap/ldap.conf configures the behaviour of client apps only (server to use, connect options - like client certificates, base search dn, etc.)
It contains _no_ information on how clients should interpret information stored on the server. Since any client app may use it, it's world-readable and should not be merged with /etc/ldap.conf for security reasons.

So it's not a bug, it's a feature ;-)
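The split described in Comment 1 can be checked mechanically. The following is an added example, not part of the bug thread or of any Gentoo package: it assumes nss_ldap's `bindpw` directive is the secret kept in /etc/ldap.conf, the helper names `secret_directives`, `audit` and `write_conf` are hypothetical, and the sample file contents are constructed.

```python
import os
import stat
import tempfile

SECRET_DIRECTIVES = {"bindpw"}  # nss_ldap directive holding the bind password


def secret_directives(path):
    """Return secret-bearing directives set in an ldap.conf-style file."""
    found = set()
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            fields = line.split()
            if fields and not fields[0].startswith("#"):
                if fields[0].lower() in SECRET_DIRECTIVES:
                    found.add(fields[0].lower())
    return sorted(found)


def audit(nss_conf, client_conf):
    """Check the file split from Comment 1; return a list of findings."""
    findings = []
    nss_mode = stat.S_IMODE(os.stat(nss_conf).st_mode)
    # A bind password must not be reachable through group/other permission bits.
    if secret_directives(nss_conf) and nss_mode & 0o077:
        findings.append(f"{nss_conf}: holds a bind password but mode is {nss_mode:04o}")
    client_mode = stat.S_IMODE(os.stat(client_conf).st_mode)
    for key in secret_directives(client_conf):
        findings.append(f"{client_conf}: contains '{key}', looks merged with nss_ldap config")
    if not client_mode & stat.S_IROTH:
        findings.append(f"{client_conf}: not world-readable, client apps cannot use it")
    return findings


def write_conf(directory, name, text, mode):
    """Create a constructed sample file with an explicit mode."""
    path = os.path.join(directory, name)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    # Constructed sample content; on a real host pass /etc/ldap.conf and
    # /etc/openldap/ldap.conf to audit() instead.
    with tempfile.TemporaryDirectory() as d:
        nss = write_conf(d, "ldap.conf", "base dc=example,dc=org\nbindpw s3cret\n", 0o644)
        cli = write_conf(d, "openldap-ldap.conf", "BASE dc=example,dc=org\n", 0o644)
        for finding in audit(nss, cli):
            print(finding)
```
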
Comment 2 Robin Johnson (archtester, Gentoo Infrastructure, gentoo-dev, Security) 2004-03-08 18:55:46 UTC
closing, not a bug.
thanks for the good explanation, Holger.