In a lot of LDAP setups, LDAP is directly accessible from the internet. 
Obviously you don't want to publish user information anonymously 
(telephone numbers, e-mail addresses etc.). The most common way to solve 
this issue is to add a special proxy user to the DIT so that only 
sensitive information can be published when an authenticated bind is 
done. Therefore you have the binddn option with a password.

When I installed Feisty in April, libnss-ldap.conf was not world 
readable after installing via apt-get. It looks like this behaviour has 
been changed (now 644).


Scott Henson wrote:
> I'm curious as to why you have sensitive information in
> libnss-ldap.conf.   The only thing that could possibly be considered
> sensitive is the password to an ldap user.  I have run Ubuntu systems without that
> since warty and I have not had a problem.  We just bind anonymously.
> What would you be using that password for?
>
> Also it makes sense that libnss-ldap.conf needs to be readable by
> everyone on the system because it's a libc function and you need to give
> libc a way of getting its configuration information.
>
>

-- 
core dump for shells using ldap for passwd information
https://bugs.launchpad.net/bugs/64396
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
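
The permission concern discussed in this thread can be checked mechanically. The following is an added example, not part of the original messages or of the Ubuntu package: it flags a config file that carries a bind password while being readable by every local user. It assumes the password is stored under the nss_ldap `bindpw` option; the sample DN, host and password are constructed placeholders.

```python
import os
import stat
import tempfile

# Constructed sample config; DN, host and password are placeholders.
SAMPLE = """\
# constructed example, not a real deployment
base dc=example,dc=org
uri ldap://ldap.example.org/
binddn cn=proxyuser,dc=example,dc=org
bindpw CONSTRUCTED-PLACEHOLDER
"""

def parse_options(text):
    """Return {option: value} from 'option value' lines, skipping comments."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        opts[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return opts

def audit(path):
    """Return a list of findings for one config file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path) as fh:
        opts = parse_options(fh.read())
    findings = []
    # A stored bind password plus the "other" read bit exposes the credential.
    if "bindpw" in opts and mode & stat.S_IROTH:
        findings.append("bindpw for %s is readable by every local user (mode %04o)"
                        % (opts.get("binddn", "<no binddn>"), mode))
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("file is writable by non-owners (mode %04o)" % mode)
    return findings

def write_sample(text, mode):
    """Write text to a temp file with the given mode; return its path."""
    fd, path = tempfile.mkstemp(suffix=".conf")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    for mode in (0o644, 0o600):
        p = write_sample(SAMPLE, mode)
        print("%04o" % mode, audit(p) or "ok")
        os.remove(p)
```

An anonymous-bind config at 644, as in the quoted reply, produces no finding; the finding only appears when a password is present and the file is world readable.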
