2:42 p.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This has come from the K12OSN project and I have it now on:
http://FedoraNEWS.ORG/ghenry/ldap
It's waiting for me to finish tagging/cleaning it.
Would someone like to Docbook it up for the docs project? I have permission to
do what ever to it.
I am also on the LDAP team for tldp.org but not really done much about it, but
this is a very good one to go into it.
I have these points which I sent to him:
1. The backend ldap should be bdb not ldbm (discussed very in depth on the
OpenLDAP lists).
2. You should really have access controls on the LDAP database, as anyone can
then read your hashed password over the wire, unless, which I didn't notice,
you only have the LDAP server listening on localhost?
3. You should be using TLS.
4. Could you do a wee conclusion, rounding everything off.
P.S. I just found this one on his site:
http://www.vcs.u52.k12.me.us/LDAP/The_SAMBA-LDAP_How-to.html
I don't know which is newer, but this one seems more complete.
I'll check.
Gavin.
I think this comes from:
http://samba.idealx.org/smbldap-howto.en.html
- ---------- Forwarded Message ----------
Subject: [K12OSN] Samba/LDAP how-to in OO format
Date: Wednesday 16 Jun 2004 03:28
From: "David Trask" <dtrask(a)vcs.u52.k12.me.us>
To: K12OSN(a)redhat.com
http://web.vcs.u52.k12.me.us/linux/Samba-LDAP.sxw
here's the Samba LDAP how-to in OO format
David N. Trask
Technology Teacher/Coordinator
Vassalboro Community School
dtrask(a)vcs.u52.k12.me.us
(207)923-3100
_______________________________________________
K12OSN mailing list
K12OSN(a)redhat.com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>
- -------------------------------------------------------
- --
Kind Regards,
Gavin Henry.
Managing Director.
T +44 (0) 1224 587369
M +44 (0) 7930 323266
F +44 (0) 1224 742001
E ghenry(a)suretecsystems.com
Open Source. Open Solutions.
http://www.suretecsystems.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFA0KKxgNqd7Kng8UoRArTHAKDcOAa52LJQGuaEDeRo1GyTHd2VwQCfdxO8
SCZNaH+RdbzGzGx8cPaLdJs=
=6Ckx
-----END PGP SIGNATURE-----
2:48 p.m.
I'll be happy to do it. If you don't mind, find out if he wants to make
your changes first.
On Wed, 2004-06-16 at 15:42, Gavin Henry wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This has come from the K12OSN project and I have it now on:
http://FedoraNEWS.ORG/ghenry/ldap
It's waiting for me to finish tagging/cleaning it.
Would someone like to Docbook it up for the docs project? I have permission to
do what ever to it.
I am also on the LDAP team for tldp.org but not really done much about it, but
this is a very good one to go into it.
I have these points which I sent to him:
1. The backend ldap should be bdb not ldbm (discussed very in depth on the
OpenLDAP lists).
2. You should really have access controls on the LDAP database, as anyone can
then read your hashed password over the wire, unless, which I didn't notice,
you only have the LDAP server listening on localhost?
3. You should be using TLS.
4. Could you do a wee conclusion, rounding everything off.
P.S. I just found this one on his site:
http://www.vcs.u52.k12.me.us/LDAP/The_SAMBA-LDAP_How-to.html
I don't know which is newer, but this one seems more complete.
I'll check.
Gavin.
I think this comes from:
http://samba.idealx.org/smbldap-howto.en.html
- ---------- Forwarded Message ----------
Subject: [K12OSN] Samba/LDAP how-to in OO format
Date: Wednesday 16 Jun 2004 03:28
From: "David Trask" <dtrask(a)vcs.u52.k12.me.us>
To: K12OSN(a)redhat.com
http://web.vcs.u52.k12.me.us/linux/Samba-LDAP.sxw
here's the Samba LDAP how-to in OO format
David N. Trask
Technology Teacher/Coordinator
Vassalboro Community School
dtrask(a)vcs.u52.k12.me.us
(207)923-3100
_______________________________________________
K12OSN mailing list
K12OSN(a)redhat.com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>
- -------------------------------------------------------
- --
Kind Regards,
Gavin Henry.
Managing Director.
T +44 (0) 1224 587369
M +44 (0) 7930 323266
F +44 (0) 1224 742001
E ghenry(a)suretecsystems.com
Open Source. Open Solutions.
http://www.suretecsystems.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFA0KKxgNqd7Kng8UoRArTHAKDcOAa52LJQGuaEDeRo1GyTHd2VwQCfdxO8
SCZNaH+RdbzGzGx8cPaLdJs=
=6Ckx
-----END PGP SIGNATURE-----
4:15 a.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wednesday 16 Jun 2004 20:48, Paul W. Frields wrote:
I'll be happy to do it. If you don't mind, find out if he
wants to make
your changes first.
">I hope the community does remedy all those points to give this very
useful document a more robust treatment of security, and make FC2 a
little less complex to implement samba/ldap on.
Definitely...I'm by no means an expert...I'm driven by a need to tie my
Windoze and LTSP users together...hence Samba/LDAP....please...pitch
in...feel free to rewrite the doc and please let me know if you do so I
can try it :-)"
Go ahead Paul, thanks.
On Wed, 2004-06-16 at 15:42, Gavin Henry wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> This has come from the K12OSN project and I have it now on:
>
> http://FedoraNEWS.ORG/ghenry/ldap
>
> It's waiting for me to finish tagging/cleaning it.
>
> Would someone like to Docbook it up for the docs project? I have
> permission to do what ever to it.
>
> I am also on the LDAP team for tldp.org but not really done much about
> it, but this is a very good one to go into it.
>
> I have these points which I sent to him:
>
> 1. The backend ldap should be bdb not ldbm (discussed very in depth on
> the OpenLDAP lists).
>
> 2. You should really have access controls on the LDAP database, as anyone
> can then read your hashed password over the wire, unless, which I didn't
> notice, you only have the LDAP server listening on localhost?
>
> 3. You should be using TLS.
>
> 4. Could you do a wee conclusion, rounding everything off.
>
>
>
>
> P.S. I just found this one on his site:
>
> http://www.vcs.u52.k12.me.us/LDAP/The_SAMBA-LDAP_How-to.html
>
> I don't know which is newer, but this one seems more complete.
>
> I'll check.
>
> Gavin.
>
> I think this comes from:
>
> http://samba.idealx.org/smbldap-howto.en.html
>
>
> - ---------- Forwarded Message ----------
>
> Subject: [K12OSN] Samba/LDAP how-to in OO format
> Date: Wednesday 16 Jun 2004 03:28
> From: "David Trask" <dtrask(a)vcs.u52.k12.me.us>
> To: K12OSN(a)redhat.com
>
> http://web.vcs.u52.k12.me.us/linux/Samba-LDAP.sxw
>
> here's the Samba LDAP how-to in OO format
>
> David N. Trask
> Technology Teacher/Coordinator
> Vassalboro Community School
> dtrask(a)vcs.u52.k12.me.us
> (207)923-3100
>
>
> _______________________________________________
> K12OSN mailing list
> K12OSN(a)redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
>
> - -------------------------------------------------------
>
> - --
> Kind Regards,
>
> Gavin Henry.
> Managing Director.
>
> T +44 (0) 1224 587369
> M +44 (0) 7930 323266
> F +44 (0) 1224 742001
> E ghenry(a)suretecsystems.com
>
> Open Source. Open Solutions.
>
> http://www.suretecsystems.com/
>
- --
Kind Regards,
Gavin Henry.
http://www.magicfx.co.uk
http://FedoraNEWS.ORG/ghenry
http://shorl.com/dokypyrirypa
http://www.suretecsystems.com
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
>
> iD8DBQFA0KKxgNqd7Kng8UoRArTHAKDcOAa52LJQGuaEDeRo1GyTHd2VwQCfdxO8
> SCZNaH+RdbzGzGx8cPaLdJs=
> =6Ckx
> -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFA0WE8gNqd7Kng8UoRAgjjAJ4nbLDaerO42cZN1sjnXY5CSS96AACfXHrt
bRHbT9edUB3o4rfvxpu/mjo=
=rOK7
-----END PGP SIGNATURE-----
7253
days inactive
7254
days old
2 comments
2 participants
participants (2)
-
Gavin Henry -
Paul W. Frields