Hi all,
I have run into some trouble when there are duplicated usernames in both the local users list and the LDAP users list, and I think it may cause security problems. For example, in my case, the "root" and "admin" accounts from LDAP could even control the whole system. I do not want this to happen.
Would you please give me some advice on how to deal with this duplicated username issue?
Kind regards, Phillip
Well, a good OpenLDAP answer to this response might be to use ldapdelete(1) on the accounts you don't want to have in LDAP, or to use ACLs to restrict access to entries that you do not want visible.
Apart from OpenLDAP software, there are other (quite possibly better) responses to be had if you talk with the provider of your nss_ldap module (or, if open source, an appropriate mailing list), the provider of your operating system (hint: nsswitch.conf), or the ldap-interop mailing list to help you glue together one or more of these options.
On Thu, 9 Nov 2006, Phillip wrote:
> Hi all,
> I have run into some trouble when there are duplicated usernames in both the local users list and the LDAP users list, and I think it may cause security problems. For example, in my case, the "root" and "admin" accounts from LDAP could even control the whole system. I do not want this to happen.
> Would you please give me some advice on how to deal with this duplicated username issue?
> Kind regards, Phillip
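An added example, not part of the original messages: a small audit for the situation discussed above, listing usernames present in both the local passwd file and LDAP, which source answers first according to the nsswitch.conf passwd line, and LDAP entries carrying uid 0 under a name the local file does not shadow. It assumes the NSS source is named `ldap` and that the LDAP entries are available in passwd(5) format (for instance from `getent -s ldap passwd`); all sample data is constructed.

```python
import re

# Constructed sample data (not from the thread): local /etc/passwd content,
# passwd-format entries served from LDAP, and an nsswitch.conf passwd line.
LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
admin:x:1000:1000:Local admin:/home/admin:/bin/bash
"""
LDAP_PASSWD = """\
root:x:0:0:LDAP root:/root:/bin/bash
admin:x:5001:5001:LDAP admin:/home/admin:/bin/bash
phillip:x:5002:5002:Phillip:/home/phillip:/bin/bash
toor:x:0:0:Second uid 0:/root:/bin/bash
"""
NSSWITCH = "passwd: files ldap\n"

def parse_passwd(text):
    """Return {name: uid} from passwd(5)-format text; first entry per name wins."""
    entries = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[2].isdigit():
            entries.setdefault(fields[0], int(fields[2]))
    return entries

def passwd_sources(nsswitch_text):
    """Return the source order of the passwd database, dropping [action] items."""
    for line in nsswitch_text.splitlines():
        line = re.sub(r"\[[^\]]*\]", " ", line.split("#", 1)[0]).strip()
        if line.startswith("passwd:"):
            return line.split(":", 1)[1].split()
    return []

def audit(local_text, ldap_text, nsswitch_text):
    """List (kind, name, winning_source) findings for the administrator to review."""
    local, ldap = parse_passwd(local_text), parse_passwd(ldap_text)
    order = passwd_sources(nsswitch_text)
    if "ldap" not in order:
        return []  # LDAP is not consulted for passwd lookups at all
    # Simplification: with default actions the first source holding a name wins.
    ldap_first = "files" not in order or order.index("ldap") < order.index("files")
    winner = "ldap" if ldap_first else "files"
    findings = [("duplicate-name", n, winner) for n in sorted(set(local) & set(ldap))]
    # A uid 0 entry under a name that files does not shadow is root-equivalent
    # regardless of lookup order.
    findings += [("ldap-uid0", n, "ldap") for n, uid in sorted(ldap.items())
                 if uid == 0 and n not in local]
    return findings
```

With `files` listed before `ldap`, the local "root" and "admin" entries answer name lookups, but an LDAP entry such as the constructed "toor" still resolves with uid 0, so it needs removing from LDAP or hiding by ACL.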
Right, this topic is more appropriately continued elsewhere...
At 09:23 AM 11/9/2006, Aaron Richton wrote:
> Well, a good OpenLDAP answer to this response might be to use ldapdelete(1) on the accounts you don't want to have in LDAP, or to use ACLs to restrict access to entries that you do not want visible.
> Apart from OpenLDAP software, there are other (quite possibly better) responses to be had if you talk with the provider of your nss_ldap module (or, if open source, an appropriate mailing list), the provider of your operating system (hint: nsswitch.conf), or the ldap-interop mailing list to help you glue together one or more of these options.
> On Thu, 9 Nov 2006, Phillip wrote:
> > Hi all,
> > I have run into some trouble when there are duplicated usernames in both the local users list and the LDAP users list, and I think it may cause security problems. For example, in my case, the "root" and "admin" accounts from LDAP could even control the whole system. I do not want this to happen.
> > Would you please give me some advice on how to deal with this duplicated username issue?
> > Kind regards, Phillip
openldap-software@openldap.org