Sorry if this question is more for the LDAP community, but since I ran into this via the Samba3 by Example book, I'm asking here. :)
As described in Chapter 6, PAM and NSS Client Configuration, in the
This is really more of a question for the nssldap list at PADL.
I had a feeling.
ldap.conf file, is it necessary to have the bindpw line? From what I
You need the bindpw if you DSA doesn't permit anonymous binding or has access controls that forbid anonymous from percieving the required attributes.
have seen, ldap.conf needs to be world readable and having that entry would seem to me to be a security risk. Am I right? If so, is there a way round the security issue?
The bind dn and pw used by NSS should not be privileged to make modifications and should only be able to perceive attributes relevant to the NSS service, so there is no security issue.
That was my thought as well, but the example shown in the book used cn=Manager, which to me implied write access, so I just wanted to verify that write access was not necessary.
Thanks,
~Dan
-- -------------------------- Dan Hill [EMAIL PROTECTED] -------------------------- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
