Re: Fwd: Re: Administration tools

2006/6/18, Christian Külker <christian.kuelker@cipworx.org>:

Hi Holger,

Holger Levsen wrote:
> On Saturday 17 June 2006 14:46, Knut Yrvin forwardd:
>
>>I've tried to install cipux on an edubuntu, but something went wrong :
>>
>>root@edubuntu :/home/francois# cipux_maint_diagnostic
>>1..35
>
> [...]
>
>># [12]: can we browse the ldap server without passoword? => No such
>>object (32)
>
>
> I'm wondering what that means - is that a sane and secure setting if
one can
> browse the ldap-server without password? or am i overly paranoid, as
only
> non-important data can be browsed?

sorry for the typo it should not read passoword it should read password.
I corrected this already for CipUX 3.2.10. So it should be pretty clear
now what that means, ok?

You can browse EVERY standard Skolelinux LDAP without password. You
didn't know? Oh! (not all attributes of course but there was no "all" in
the sentence, right?

Here comes the SHELL code behind that message:
/usr/bin/ldapsearch -x -p 389 -h localhost -b
'uid=root,ou=People,dc=skole,dc=skolelinux,dc=no' -LLL uid uid=root";

So LDAP might not be there or no default structure in it or ACL Problem.

Put the command line on you personal Skoelinux installation and see that
you can browse your LDAP (in limits) without password. Please confirm
that it works!

Holger, you might also have a direct look in the source code next time.
It is available under Alioth:

http://svn.debian.org/wsvn/cipux/trunk/cibot/src/bin/maint_diagnostic.pl?op=file&rev=0&sc=0

If you can improve the script let it me know, or do it directly on
Alioth. I would like to have more (or the most?) people on bord, who are
sensible for security issues. Feel free to join the CipUX team as
security advisor/ proofreader.

Yours
Christian

--
To UNSUBSCRIBE, email to debian-edu-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org