nss_ldap without nscd or cached ?
Mohacsi Janos
mohacsi at niif.hu
Thu May 24 15:48:34 UTC 2007
Hi Michael,
On Thu, 24 May 2007, Michael Bushkov wrote:
> Hello Mohacsi,
>
>>
>> Another solution(?) would be to limit binddn access to read-only (also
>> limiting access to only a few attributes in LDAP); then exposing the bindpw
>> would not create a big problem. However, maintenance of LDAP ACIs could be
>> difficult: nss_ldap attribute mapping and attribute usage should be
>> documented...
>
> I think that limiting binddn access to read-only is the best practice whether
> you use nscd/cached or not. BTW, what kind of documentation do you need? I
> can possibly provide the necessary information.
I am only curious which LDAP attributes will be used... I would give
access only to those attributes in our LDAP servers which are necessary...
Thanks for your answer.
Regards,
Janos Mohacsi
Network Engineer, Research Associate, Head of Network Planning and Projects
NIIF/HUNGARNET, HUNGARY
Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882
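
Added example, not part of the original message and not nss_ldap's own code: a sketch that works out which attributes a read-only binddn needs to read, so that an ACI can be limited to them. It assumes the RFC 2307 attribute names for the passwd, group and shadow maps and `nss_map_attribute` overrides in ldap.conf; the sample config and DN are constructed, and leaving userPassword out by default assumes logins authenticate by binding to the directory rather than by reading the hash.

```python
# Assumption: attribute names follow the RFC 2307 schema
# (posixAccount, posixGroup, shadowAccount).
RFC2307 = {
    "passwd": ["uid", "uidNumber", "gidNumber", "cn", "gecos",
               "homeDirectory", "loginShell", "userPassword"],
    "group": ["cn", "gidNumber", "memberUid", "userPassword"],
    "shadow": ["uid", "userPassword", "shadowLastChange", "shadowMin",
               "shadowMax", "shadowWarning", "shadowInactive",
               "shadowExpire", "shadowFlag"],
}
SENSITIVE = {"userpassword"}  # password hash: keep away from the proxy DN


def parse_attribute_maps(conf_text):
    """Return {lowercased schema attribute: server-side attribute}."""
    maps = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) == 3 and fields[0].lower() == "nss_map_attribute":
            maps[fields[1].lower()] = fields[2]
    return maps


def required_attributes(conf_text, databases=("passwd", "group"),
                        include_password=False):
    """Smallest attribute set the binddn must be able to read."""
    maps = parse_attribute_maps(conf_text)
    needed = {"objectClass"}  # used in the search filters
    for db in databases:
        for attr in RFC2307[db]:
            if attr.lower() in SENSITIVE and not include_password:
                continue
            needed.add(maps.get(attr.lower(), attr))
    return sorted(needed, key=str.lower)


# Constructed sample configuration, not taken from the thread.
SAMPLE_CONF = """\
# constructed sample
base dc=example,dc=org
binddn cn=nss-proxy,dc=example,dc=org
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory unixHomeDirectory
"""

if __name__ == "__main__":
    print("\n".join(required_attributes(SAMPLE_CONF)))
```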