Michael Oberg - Freelance IT consultant and software developer
slapd.conf

The configuration file /etc/openldap/slapd.conf contains, among other things, the following settings:
Access rights

The assignment of access rights in the LDAP directory was already described under LDAP in the section "dedicated access to LDAP". Explicitly setting up access rights is quite simple ("... by dn=... write"). The difficulty is that granting write rights must not open any security holes. For example, in order to reserve the creation of UNIX users or groups for the LDAP administrator only, the creation of such objects under "contacts" must be forbidden. This can only be done by making it impossible to set the attributes typical for these objects (passwords, ID numbers). Likewise, certain system-critical attributes within user and group objects must not be changeable (ID numbers, passwords, group and user name).
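
The restriction described above could look like the following slapd.conf fragment. This is an added example, not part of the original page; it assumes OpenLDAP 2.4 slapd.access(5) syntax, and the suffix dc=example,dc=com, the ou= names and both DNs are hypothetical.

```conf
# Constructed example: suffix, ou= names and both DNs are assumptions.
# slapd applies the first "access to" clause that matches, so the
# attribute-specific rules must come before the subtree rule.

# Too broad on its own: with only this rule the editor could add
# posixAccount or posixGroup entries below ou=contacts.
#access to dn.subtree="ou=contacts,dc=example,dc=com"
#    by dn.exact="uid=editor,ou=people,dc=example,dc=com" write

# ID numbers and related account attributes: administrator only.
# posixAccount and posixGroup require uidNumber/gidNumber, so without
# write access to them nobody else can create such objects anywhere.
access to attrs=uidNumber,gidNumber,homeDirectory,loginShell
    by dn.exact="cn=ldapadmin,dc=example,dc=com" write
    by users read
    by * none

# Passwords: administrator only; anonymous may only bind against them.
access to attrs=userPassword
    by dn.exact="cn=ldapadmin,dc=example,dc=com" write
    by anonymous auth
    by * none

# User and group names of existing UNIX objects stay fixed.
access to dn.subtree="ou=people,dc=example,dc=com" attrs=uid
    by dn.exact="cn=ldapadmin,dc=example,dc=com" write
    by users read
    by * none

access to dn.subtree="ou=groups,dc=example,dc=com" attrs=cn
    by dn.exact="cn=ldapadmin,dc=example,dc=com" write
    by users read
    by * none

# Contacts: the delegated editor may write everything not matched above.
access to dn.subtree="ou=contacts,dc=example,dc=com"
    by dn.exact="cn=ldapadmin,dc=example,dc=com" write
    by dn.exact="uid=editor,ou=people,dc=example,dc=com" write
    by users read
    by * none

# Default for the rest of the directory.
access to *
    by dn.exact="cn=ldapadmin,dc=example,dc=com" write
    by users read
    by * none
```

If the administrator DN is configured as rootdn, it bypasses these rules and its "by" lines are redundant.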