[CentOS] Re: pam_ldap + nscd
srigler at marathonoil.com
Mon Oct 1 15:17:47 UTC 2007
On Mon, 2007-10-01 at 07:27 -0700, Craig White wrote:
> On Mon, 2007-10-01 at 07:40 -0500, Steve Rigler wrote:
> > On Sun, 2007-09-30 at 19:15 +0200, Felix Schwarz wrote:
> > > Eventually I found the problem:
> > > nscd did bind anonymously and slapd was configured to prevent access to ldap
> > > information by anonymous users. I thought that specifying "rootbinddn" and the
> > > correct password in ldap.secret would prevent that but obviously nscd needs
> > > "binddn" and "bindpw" in ldap.conf.
> > >
> > > fs
> > >
> > nscd runs as user "nscd" so it's not going to use rootbinddn.
> rootbinddn does not have anything to do with 'user root'
> 'User root' can bind as whatever is in /root/.ldaprc which by default is
> nothing which will default to whatever values are set as binddn/bindpw
> in /etc/ldap.conf
> rootbinddn is the all-powerful bind of LDAP
It has a lot to do with user root if you use rootbinddn in
"/etc/ldap.conf" and put the password into "/etc/ldap.secret" which
should only be readable by root.
More information about the CentOS