
List:       ispman-users
Subject:    [Ispman-users] Re: LDAP security
From:       "Gary C. New" <garycnew () yahoo ! com>
Date:       2003-09-09 20:14:14

> 
> My LDAP directory is composed only from the structure and entries created by ISPman.
> 
> I was wondering if I forgot something, because I'm able to get all userPasswords
> from all LDAP posixAccounts with no login. I just entered:
> 
> ldapsearch -x -LL  "(objectClass=posixAccount)" -h localhost dn uid userPassword
> 
> 
> Isn't this the same security fault as leaving /etc/shadow world readable?
> 
> Shouldn't there be some access restrictions from the beginning to this 
> information?
> 

Take a look at openldap.org under the topic ACLs.

> 
> I also want to know if somebody can help me to get slapd to log more information.
> I tried to set slapd.conf:loglevel 4095, but I still get only some ISPman
> connections logged. All other connections, queries, browsing don't report
> anything in syslogd. Could it be necessary to compile OpenLDAP in some way to
> allow loglevel?
> 

I use loglevel 256 and it is fairly informative.

Respectfully,


Gary
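
The kind of access control the reply points to, as an added example that is not part of the original message or of ISPman's shipped configuration: a slapd.conf fragment contrasting the permissive default with ACLs that stop anonymous reads of userPassword. The `attrs=` spelling is the one used by current OpenLDAP releases (older releases spelled it `attr=`), and leaving the rest of the directory readable is an assumption to adjust per site.

```conf
# --- Permissive: what slapd does when slapd.conf has no "access" lines ---
# With no ACLs at all, the built-in default is equivalent to:
#   access to * by * read
# so an anonymous ldapsearch can read every attribute, userPassword included.

# --- Restricted: ACLs are evaluated in order, first matching "to" wins ---
# Password hashes: the owner may change them, anonymous clients may only
# use them to authenticate (bind), and nobody else can see them.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Everything else stays readable (assumption: tighten to site policy).
access to *
    by * read

# The rootdn is never subject to ACLs, so an application that binds as the
# rootdn keeps full access. If it binds as some other DN, add a line such as
#   by dn.exact="<application bind DN>" write      (placeholder DN)
# above "by * none" in the userPassword rule.

# Operation-level logging as mentioned in the reply
# (256 = stats: connections, operations, results).
loglevel 256
```

After slapd is restarted with these rules, the anonymous ldapsearch from the question should still return dn and uid but no userPassword values.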



