In a lot of LDAP setups, LDAP is directly accessible from the internet. Obviously you don't want to publish user information anonymously (telephone numbers, e-mail addresses etc.). The most common way to solve this issue is to add a special proxy user to the DIT so that only sensitive information can be published when an authenticated bind is done. Therefore you have the binddn option with a password.
When I installed Feisty in April, libnss-ldap.conf was not world readable after installing via apt-get. It looks like this behaviour has been changed (now 644).

Scott Henson wrote:
> I'm curious as to why you have sensitive information in libnss-ldap.conf.
> The only thing that could possibly be considered sensitive is
> the password to a ldap user. I have run Ubuntu systems without that
> since warty and I have not had a problem. We just bind anonymously.
> What would you be using that password for?
>
> Also it makes sense that libnss-ldap.conf needs to be readable by
> everyone on the system because it's a libc function and you need to give
> libc a way of getting its configuration information.

--
core dump for shells using ldap for passwd information
https://bugs.launchpad.net/bugs/64396
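
An added example, not part of the original message or of any Ubuntu package: a small audit that reports when a libnss-ldap.conf-style file stores a proxy user's bind password while being readable by other users, the situation discussed above. The `bindpw` key is the nss_ldap option that holds the `binddn` password; the sample configuration, host name and DN are constructed for the demonstration.

```python
import os
import stat
import tempfile

def parse_options(text):
    """Parse 'key value' lines; keys are case-insensitive, '#' starts a comment."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        opts[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit(path):
    """Return findings if the file holds a bind password readable by non-owners."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, encoding="utf-8", errors="replace") as fh:
        opts = parse_options(fh.read())
    if not opts.get("bindpw"):
        return []  # anonymous bind: no secret stored in this file
    scope = "world" if mode & stat.S_IROTH else "group" if mode & stat.S_IRGRP else None
    if scope is None:
        return []
    who = opts.get("binddn", "<no binddn set>")  # never echo the password itself
    return [f"{path}: mode {mode:04o} is {scope}-readable and holds bindpw for {who}"]

def demo():
    """Audit a constructed sample config at mode 0644 and again at 0600."""
    sample = (  # constructed sample, not a real configuration
        "# constructed libnss-ldap.conf\n"
        "uri ldap://ldap.example.org/\n"
        "base dc=example,dc=org\n"
        "binddn cn=proxyuser,dc=example,dc=org\n"
        "bindpw not-a-real-password\n"
    )
    with tempfile.NamedTemporaryFile("w", suffix=".conf", delete=False) as fh:
        fh.write(sample)
    try:
        os.chmod(fh.name, 0o644)
        loose = audit(fh.name)
        os.chmod(fh.name, 0o600)
        return loose, audit(fh.name)
    finally:
        os.unlink(fh.name)

if __name__ == "__main__":
    for finding in demo()[0]:
        print(finding)
```

As the quoted reply notes, the file has to be readable by the processes that resolve users through libc, so a finding is a prompt to review what the proxy account is allowed to read in the directory as well as the file mode.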