On Sun, 2007-10-07 at 12:23 +0200, Felix Schwarz wrote:
Steve Rigler schrieb:
It has a lot to do with user root if you use rootbinddn in "/etc/ldap.conf" and put the password into "/etc/ldap.secret" which should only be readable by root.
You are right but I even set the permissions on ldap.secret to 0644 to be sure that there are no acl problems. I expected that nscd would use rootbinddn if ldap.secret was readable for the user "nscd".
fs
PS: This was on a test machine, I won't ever make ldap.secret world readable in a production environment.
---- Why would nscd need to bind on it's own to ldap? Perhaps it's because I don't normally use nscd but I can't see any reason for it to do so. Either a user or service binds to LDAP with it's own credentials or it fails and nscd shouldn't need it's own set of credentials. Perhaps someone can tech me something here.
Craig