On Wednesday 21 June 2006 16:11, Christian Külker wrote: > Hi, > > nice to see you in Extremadura, even if we had noch much time to talk. > > Morten Werner Olsen wrote: > > On Wed, Mar 22, 2006 at 02:40:07PM +0100, Thierry STAUDER wrote: > > I was asked to reply to this mail. So I thought I did it already but, ... > > So every bug you mentioned is fixed several month ago, but I was asked > in Extremadura if this is fixed, so I write it here again. > > > I studied some of the CiPux-code a bit, and there are several security > > issues which must be fixed before we can using this in our > > Debian-Edu/Skolelinux distribution. I've found examples in the code > > where passwords are send to the command-line. One example in > > get_value.pl [1] where the LDAP-password is provided on the > > command-line to LDAP-commandline utilities. > > The LDAP command line is "fixed" on version 3.2.9 > > The LDAP command takes now -y and a file where the password is stored. > The file owns by root:root are mode 400 Does Cipux use the Perl LDAP API? I guess it would make things easier and it has a very good ldap handling and there is no need to use the tools ldapsearch, ldapadd ... and friends. You can also look into the wlus code for doing ldap interaction. E.g. look into the LDAP.pm which is IMHO a good example for some nice ldap interaction in perl. Greetings Steffen
Attachment:
pgpafFZZCetaR.pgp
Description: PGP signature