[sork] Re: [PATCH] new ldap driver for passwd
Roel Gloudemans
roel at gloudemans.info
Mon Feb 14 10:48:27 PST 2005
Hi Philipp,
To do it right I think the choice how to log on should be configurable.
The correct way from a security point of view is using the own userdn
(one less admin password in a config file), but I've seen situations
where the admin dn would be better.
The shadow parameters are for password policies. Why should they be
removed? (I for one use them to make passwords expire and to warn the
user when this is going to happen)
I like the ssl addon.
On a broader perspective: Maybe it is better to e.g. merge passwd and
accounts. There are a few functions you would like to have on both
sides (in test I even have an accounts module that can talk to an
AD; no passwords yet though, but you would need to have admin access to
the directory).
Cheers,
Roel.
Quoting Thielpark Systeme GmbH - Philipp Offermann <offermann at thielpark.de>:
> Hi,
>
> I wrote a new driver for passwd based on the ldap driver. It uses an admin
> login for logging into the ldap instead of the userdn. I removed the shadow
> functions because I don't need them, but it shouldn't be difficult to put
> them in again. Could someone please check and commit the patch or send me a
> comment?
>
> Thanks,
> Philipp
> Thielpark Systeme GmbH
>