[KLUG Members] debug ldap failure

Peter Buxton members@kalamazoolinux.org
Mon, 15 Dec 2003 11:36:09 -0500


On Mon, Dec 15, 2003 at 07:05:57AM -0500, Adam Williams was only escaped
   alone to tell thee:

> > :slapd -d4
> > connection_get(12)
> > ==> bdb_bind: dn: cn=admin,dc=home,dc=ricksweb,dc=info
> > send_ldap_result: err=0 matched="" text=""
> > connection_get(12)
> > deferring operation
> > SRCH "dc=home,dc=ricksweb,dc=info" 2 0    0 0 0
> >      filter: (mail=rharding)
> >      attrs: homeDirectory Maildir cn userPassword uidNumber mail
> 
> Other than I'm deeply concerned that it is reading userPassword, this
> looks normal. (except I also wonder why a MTA needs uidNumber or home
> directory).  The security of this authentication module has got to be a
> complete farce;  clearly written by someone who has no clue what they're
> doing.  I'd recommend just scrapping this and finding some other software
> package that exhibits even moderate competence of design.

Exim, for example, runs as user mail|exim when bound to port 25. It
reexecutes itself as the local user when delivering locally. It also
searches for ~/.procmailrc; if it finds it, it hands the mail to
procmail.

-- 
Unix lurks provocatively in the background of the
OS wars, like the Russian Army. -- Neal Stephenson
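As an added example (not from the thread or from any of the software it names), a small Python checker that reads the kind of `slapd -d4` output quoted above and flags searches whose attribute list includes a password attribute, the concern raised about the MTA's lookup. The sample debug output, the set of "sensitive" attributes and the assumption that slapd prints an empty `attrs:` line when a client asks for all attributes are constructed for this example.

```python
import re

# Constructed sample of `slapd -d4` output (not a real capture); the third search names no attributes.
SAMPLE_DEBUG = """\
connection_get(12)
SRCH "dc=example,dc=test" 2 0    0 0 0
     filter: (mail=jdoe)
     attrs: homeDirectory Maildir cn userPassword uidNumber mail
SRCH "dc=example,dc=test" 2 0    0 0 0
     filter: (mail=asmith)
     attrs: mail cn
SRCH "dc=example,dc=test" 2 0    0 0 0
     filter: (uid=backup)
     attrs:
"""

# Attributes an MTA lookup should never need (assumed policy for this example).
SENSITIVE_ATTRS = {"userpassword", "sambantpassword", "sambalmpassword"}
SRCH_RE = re.compile(r'^SRCH "(?P<base>[^"]*)"')
FILTER_RE = re.compile(r"^\s+filter:\s*(?P<filter>.+)$")
ATTRS_RE = re.compile(r"^\s+attrs:\s*(?P<attrs>.*)$")

def parse_searches(debug_output: str) -> list[dict]:
    """Group each SRCH line with the filter/attrs lines that follow it."""
    searches: list[dict] = []
    current = None
    for line in debug_output.splitlines():
        if m := SRCH_RE.match(line):
            current = {"base": m.group("base"), "filter": "", "attrs": None}
            searches.append(current)
        elif current is None:
            continue
        elif m := FILTER_RE.match(line):
            current["filter"] = m.group("filter").strip()
        elif m := ATTRS_RE.match(line):
            # An empty attribute list in LDAP means "all user attributes".
            current["attrs"] = m.group("attrs").split()
    return searches

def flag_sensitive_requests(debug_output: str) -> list[dict]:
    """Return searches that request a password attribute (or every attribute)."""
    flagged = []
    for s in parse_searches(debug_output):
        attrs = s["attrs"]
        if attrs is None:  # no attrs line seen: incomplete record, skip it
            continue
        hit = sorted(a for a in attrs if a.lower() in SENSITIVE_ATTRS)
        if hit or not attrs:
            flagged.append({**s, "sensitive": hit or ["*"]})
    return flagged
```

Run it against a real debug log to see which lookups pull userPassword; the fix on the directory side is an ACL that denies read on that attribute to everything but the bind operation itself.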