[KLUG Members] debug ldap failure
Peter Buxton
members@kalamazoolinux.org
Mon, 15 Dec 2003 11:36:09 -0500
On Mon, Dec 15, 2003 at 07:05:57AM -0500, Adam Williams was only escaped
alone to tell thee:
> > :slapd -d4
> > connection_get(12)
> > ==> bdb_bind: dn: cn=admin,dc=home,dc=ricksweb,dc=info
> > send_ldap_result: err=0 matched="" text=""
> > connection_get(12)
> > deferring operation
> > SRCH "dc=home,dc=ricksweb,dc=info" 2 0 0 0 0
> > filter: (mail=rharding)
> > attrs: homeDirectory Maildir cn userPassword uidNumber mail
>
> Other than I'm deeply concerned that it is reading userPassword, this
> looks normal. (except I also wonder why a MTA needs uidNumber or home
> directory). The security of this authentication module has got to be a
> complete farce; clearly written by someone who has no clue what they're
> doing. I'd recommend just scrapping this and finding some other software
> package that exhibits even moderate competence of design.
Exim, for example, runs as user mail|exim when bound to port 25. It
reexecutes itself as the local user when delivering locally. It also
searches for ~/.procmailrc; if it finds it, it hands the mail to
procmail.
--
Unix lurks provocatively in the background of the
OS wars, like the Russian Army. -- Neal Stephenson
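
Added example, not part of the original message or of any software discussed in the thread: a small audit of a slapd -d4 trace that reports searches requesting userPassword, which is the behaviour flagged in the quoted reply. The sample input is the trace quoted above; the function names, the loose match on the backend prefix of the bind line, and the single-connection bind tracking are assumptions of this sketch.

```python
import re

# Attributes a mail lookup has no reason to read back; a client should
# verify a password with an LDAP bind instead of fetching the stored value.
SENSITIVE = {"userpassword"}

# Sample input: the slapd -d4 lines quoted in the message above.
SAMPLE_TRACE = """\
connection_get(12)
==> bdb_bind: dn: cn=admin,dc=home,dc=ricksweb,dc=info
send_ldap_result: err=0 matched="" text=""
connection_get(12)
deferring operation
SRCH "dc=home,dc=ricksweb,dc=info" 2 0 0 0 0
filter: (mail=rharding)
attrs: homeDirectory Maildir cn userPassword uidNumber mail
"""

def audit_trace(text):
    """Return one finding per search that requests a sensitive attribute."""
    findings = []
    bind_dn = None   # most recent bind DN seen (assumes one connection)
    search = None    # the search whose filter/attrs lines are being read
    for raw in text.splitlines():
        line = raw.strip()
        # Assumption: backend prefix before "_bind" may differ from "bdb".
        m = re.match(r"==> \w+_bind: dn: (.*)$", line)
        if m:
            bind_dn = m.group(1)
            continue
        m = re.match(r'SRCH "([^"]*)"', line)
        if m:
            search = {"bind_dn": bind_dn, "base": m.group(1), "filter": None}
            continue
        if search is None:
            continue
        if line.startswith("filter:"):
            search["filter"] = line[len("filter:"):].strip()
        elif line.startswith("attrs:"):
            requested = line[len("attrs:"):].split()
            hits = [a for a in requested if a.lower() in SENSITIVE]
            if hits:
                findings.append(dict(search, sensitive=hits))
            search = None  # attrs is the last line of a search record here
    return findings

if __name__ == "__main__":
    for finding in audit_trace(SAMPLE_TRACE):
        print(finding)
```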