Petter proposel does not work with GOsa, because it doesn't fit the
concept. The users do not know the ldap admin password - and they
shouldn't. Like they shouldn't know the database passwords for a web
application of your choice. I don't get the problem - sorry.
I can place a note in the R
One way to solve it is to require the people accessing the LDAP
database using the web to provide the LDAP admin password during the
interaction, and not store it in clear text on the server.
One way to avoid having to pass the LDAP admin password every time is
to store it in a cookie. It would
Cajus Pollmeier skrev:
> Am Donnerstag 07 Dezember 2006 14:37 schrieb Finn-Arne Johansen:
>> Package: gosa
>> Version: 2.5.6-2
>> Severity: critical
>> Tags: security
>> Justification: root security hole
>>
>>
>> The documentation in gosa tells the admin to install gosa.conf under
>> /etc/gosa/gosa
Am Donnerstag 07 Dezember 2006 14:37 schrieb Finn-Arne Johansen:
> Package: gosa
> Version: 2.5.6-2
> Severity: critical
> Tags: security
> Justification: root security hole
>
>
> The documentation in gosa tells the admin to install gosa.conf under
> /etc/gosa/gosa.conf, and to make it readable by
Finn-Arne Johansen wrote:
> Package: gosa
> Version: 2.5.6-2
> Severity: critical
> Tags: security
> Justification: root security hole
>
>
> The documentation in gosa tells the admin to install gosa.conf under
> /etc/gosa/gosa.conf, and to make it readable by the group www-data.
> In this configu
Package: gosa
Version: 2.5.6-2
Severity: critical
Tags: security
Justification: root security hole
The documentation in gosa tells the admin to install gosa.conf under
/etc/gosa/gosa.conf, and to make it readable by the group www-data.
In this configuration file, the ldap admin password is stored
6 matches
Mail list logo
