[CentOS] Re: pam_ldap + nscd

Mon Oct 1 15:17:47 UTC 2007
Steve Rigler <srigler at marathonoil.com>

On Mon, 2007-10-01 at 07:27 -0700, Craig White wrote:
> On Mon, 2007-10-01 at 07:40 -0500, Steve Rigler wrote:
> > On Sun, 2007-09-30 at 19:15 +0200, Felix Schwarz wrote:
> > > Eventually I found the problem:
> > > nscd did bind anonymously and slapd was configured to prevent access to ldap 
> > > information by anonymous users. I thought that specifying "rootbinddn" and the 
> > > correct password in ldap.secret would prevent that but obviously nscd needs 
> > > "binddn" and "bindpw" in ldap.conf.
> > > 
> > > fs
> > > 
> > 
> > nscd runs as user "nscd" so it's not going to use rootbinddn.
> ----
> rootbinddn does not have anything to do with 'user root'
> 
> 'User root' can bind as whatever is in /root/.ldaprc which by default is
> nothing which will default to whatever values are set as binddn/bindpw
> in /etc/ldap.conf
> 
> rootbinddn is the all-powerful bind of LDAP
> 
> Craig

It has a lot to do with user root if you use rootbinddn in
"/etc/ldap.conf" and put the password into "/etc/ldap.secret" which
should only be readable by root.

-Steve