[nssldap] nss_ldap on SLES 10

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Iain Morgan <imorgan [at] nas.nasa.gov>
To: nssldap [at] padl.com
Subject: [nssldap] nss_ldap on SLES 10
Date: Mon, 29 Jan 2007 11:43:34 -0800 (PST)

Hello,

On SLES 9 (nscd 2.3.5, nss_ldap 215) it seems that it is sufficient to
set rootbinddn in /etc/ldap.conf to get reasonable behaviour. However, 
on SLES 10 (nscd 2.4, nss_ldap 246) it appears to be necessary to set
binddn/bindpw instead.

With only rootbinddn set on SLES 10, commands such as 'getent shadow'
work when run as root, but 'getent passwd' does not - regardless of
whether it is run as root or not. Whereas the same configuration under
SLES 9 works as you would expect for both 'getent shadow' and 'getent
passwd'.

I'm assuming the issue is that nscd 2.4 drops privileges for all queries
except getsp*(). Has anyone else observed this and is there an
(secure) alternative to having to set both rootbinddn and binddn?

Thanks

--
Iain Morgan

[nssldap] nss_ldap on SLES 10, Iain Morgan

Re: [nssldap] nss_ldap on SLES 10, Ralf Haferkamp

<Possible follow-ups>
Re: [nssldap] nss_ldap on SLES 10, Iain Morgan
- Re: [nssldap] nss_ldap on SLES 10, Ralf Haferkamp
  - Re: [nssldap] nss_ldap on SLES 10, Ralf Haferkamp

Prev by Date: Re: [nssldap] nss_ldap - filter for nss_base_passwd not functional
Next by Date: Re: [nssldap] nss_ldap - filter for nss_base_passwd not functional
Previous by thread: [nssldap] acl for libnss attributes
Next by thread: Re: [nssldap] nss_ldap on SLES 10