7 p.m.
Hi all,
I meet some trouble when there are duplicated username in both local users
list and LDAP users list, and I think it may cause security problems, for
example, in my case, "root" and "admin" account from LDAP could even
control
the whole system. I do not want this happens.
Would you please give me some advices on how to dare with this duplicated
username issue?
Kind regards,
Phillip
9:23 a.m.
Well, a good OpenLDAP answer to this response might be to use
ldapdelete(1) on the accounts you don't want to have in LDAP, or to use
ACLs to restrict access to entries that you do not want visible.
Apart from OpenLDAP software, there are other (quite possibly better)
responses to be had if you talk with the provider of your nss_ldap module
(or, if open source, an appropriate mailing list), the provider of your
operating system (hint: nsswitch.conf), or the ldap-interop mailing list
to help you glue together one or more of these options.
On Thu, 9 Nov 2006, Phillip wrote:
Hi all,
I meet some trouble when there are duplicated username in both local users
list and LDAP users list, and I think it may cause security problems, for
example, in my case, "root" and "admin" account from LDAP could even
control
the whole system. I do not want this happens.
Would you please give me some advices on how to dare with this duplicated
username issue?
Kind regards,
Phillip
6:33 p.m.
Right, this topic is more appropriately continued elsewhere...
At 09:23 AM 11/9/2006, Aaron Richton wrote:
Well, a good OpenLDAP answer to this response might be to use
ldapdelete(1) on the accounts you don't want to have in LDAP, or to use ACLs to
restrict access to entries that you do not want visible.
Apart from OpenLDAP software, there are other (quite possibly better) responses to be had
if you talk with the provider of your nss_ldap module (or, if open source, an appropriate
mailing list), the provider of your operating system (hint: nsswitch.conf), or the
ldap-interop mailing list to help you glue together one or more of these options.
On Thu, 9 Nov 2006, Phillip wrote:
>Hi all,
>
>I meet some trouble when there are duplicated username in both local users list and
LDAP users list, and I think it may cause security problems, for example, in my case,
"root" and "admin" account from LDAP could even control the whole
system. I do not want this happens.
>
>Would you please give me some advices on how to dare with this duplicated username
issue?
>
>
>Kind regards,
>Phillip
>
>
>
>
5718
days inactive
5719
days old
openldap-software@openldap.org
2 comments
3 participants
participants (3)
-
Aaron Richton -
Kurt D. Zeilenga -
Phillip