Date: Thu, 24 May 2007 17:48:30 +0200 (CEST)
From: Mohacsi Janos <mohacsi@niif.hu>
To: Michael Bushkov <bushman@freebsd.org>
Cc: freebsd-hackers@freebsd.org
Subject: Re: nss_ldap without nscd or cached ?
Message-ID: <20070524174123.S19560@mignon.ki.iif.hu>
In-Reply-To: <465566A9.7040507@freebsd.org>
References: <20070524112217.N166@mignon.ki.iif.hu> <465566A9.7040507@freebsd.org>

Hi Michael,

On Thu, 24 May 2007, Michael Bushkov wrote:

> Hello Mohacsi,
>
>>
>> Other solution(?) would be to limit binddn access to read-only (also
>> limiting access only few attributes in LDAP) then exposing the bindpw would
>> not create big problem. However maintenance of LDAP ACI-s could be
>> difficult: nss_ldap attribute mapping and attribute usage should be
>> documented....
>
> I think that limiting binddn access to readonly is the best practice whether
> you use nscd/cached or not. BTW, what kind of documentation do you need? I
> can possibly provide the necessary information.

I am curious only which LDAP attributes will be used.... I would give access
only to those attributes in our LDAP servers which are necessary....

Thanks for your answer.

Regards,

Janos Mohacsi
Network Engineer, Research Associate, Head of Network Planning and Projects
NIIF/HUNGARNET, HUNGARY
Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882