[prev in list] [next in list] [prev in thread] [next in thread]
List: ispman-users
Subject: [Ispman-users] Re: LDAP security
From: "Gary C. New" <garycnew () yahoo ! com>
Date: 2003-09-09 20:14:14
[Download RAW message or body]
>
> My LDAP directory is composed only from the structure and entrys created by ISPman.
>
> I was wondering if I forgot something, because I'm able to get all userPasswords
> from all LDAP posicAccounts with no login. I just entered:
>
> ldapsearch -x -LL "(objectClass=posixAccount)" -h localhost dn uid userPassword
>
>
> Isn't this the same security fault as leaving /etc/shadow world readable ?
>
> Shouldn't there be some access restrictions from the beginning to this
> information ?
>
Take a look on openldap.org under the topic ACLs.
>
> I also whant to know if somebody can help me to get slapd log more informations.
> I tryed to set slapd.conf:loglevel 4095, but I still get only some ISPman
> connections logged. All other connections, querys, browsing doesn't report
> anything in syslogd. Could it be necessary to compile OpenLdap in some way to
> allow loglevel ?
>
I use loglevel 256 and it is fairly informative.
Respectfully,
Gary
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Ispman-users mailing list
Ispman-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ispman-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic