[nssldap] nss_ldap on SLES 10
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
[nssldap] nss_ldap on SLES 10
- From: Iain Morgan <imorgan [at] nas.nasa.gov>
- To: nssldap [at] padl.com
- Subject: [nssldap] nss_ldap on SLES 10
- Date: Mon, 29 Jan 2007 11:43:34 -0800 (PST)
Hello,
On SLES 9 (nscd 2.3.5, nss_ldap 215) it seems that it is sufficient to
set rootbinddn in /etc/ldap.conf to get reasonable behaviour. However,
on SLES 10 (nscd 2.4, nss_ldap 246) it appears to be necessary to set
binddn/bindpw instead.
With only rootbinddn set on SLES 10, commands such as 'getent shadow'
work when run as root, but 'getent passwd' does not - regardless of
whether it is run as root or not. Whereas the same configuration under
SLES 9 works as you would expect for both 'getent shadow' and 'getent
passwd'.
I'm assuming the issue is that nscd 2.4 drops privileges for all queries
except getsp*(). Has anyone else observed this and is there an
(secure) alternative to having to set both rootbinddn and binddn?
Thanks
--
Iain Morgan
- [nssldap] nss_ldap on SLES 10,
Iain Morgan