Ubuntu 10.04 ldap creates admin user with two (plain text) passwords

Bug #1094842 reported by halfgaar
This bug affects 1 person
Affects: Ubuntu Server Guide
Status: Won't Fix
Importance: Undecided
Assigned to: Unassigned

Bug Description

In [1], the way the admin user is configured is wrong. You shouldn't make an admin user in ou=people *and* set an olcRootPW as well. See [2]. If you do specify an olcRootPW, don't make the admin user. If you do both, you can have an admin user with two passwords (which I had).

Also, the password is supplied in plain text, meaning the server also stores it as plain text (do:

ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b olcDatabase={1}hdb,cn=config

to see your password in the tree).

Instead, generate a hash with slappasswd.

So, either use olcRootPW or make an admin entry in ou=people. The 12.04 docs seem to do it right (they make the entry without rootpw).

[1] https://help.ubuntu.com/10.04/serverguide/openldap-server.html
[2] http://www.openldap.org/doc/admin24/access-control.html#Controlling%20rootdn%20access
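
Added example, not part of the original report or the Server Guide: a small Python audit that reads ldapsearch -LLL output and flags both conditions described above, a password stored without a hash scheme and a rootdn that has an olcRootPW while an entry with the same DN also carries userPassword. The sample LDIF, the DNs, the password and the placeholder hash are constructed for illustration; the function names are hypothetical.

```python
import base64
import re

# Constructed sample of ldapsearch -LLL output; DNs, password and hash are invented.
HASHED = "{SSHA}" + "A" * 32   # placeholder in slappasswd's format, not a real digest
SAMPLE = f"""\
dn: olcDatabase={{1}}hdb,cn=config
olcRootDN: cn=admin,dc=example,dc=com
olcRootPW: secret

dn: cn=Admin, dc=example,dc=com
userPassword:: {base64.b64encode(HASHED.encode()).decode()}
"""

def parse_ldif(text):
    """Return one {attribute: [values]} dict per entry, decoding '::' base64."""
    text = re.sub(r"\n ", "", text)            # unfold LDIF continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for m in re.finditer(r"^([\w;.-]+)(::?) *(.*)$", block, re.M):
            name, sep, value = m.groups()
            if sep == "::":                    # ldapsearch base64-encodes some values
                value = base64.b64decode(value).decode("utf-8", "replace")
            entry.setdefault(name.lower(), []).append(value)
        entries.append(entry)
    return entries

def norm_dn(dn):
    """Case-fold and strip spaces around commas (simple comparison only)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def is_plaintext(value):
    m = re.match(r"\{([A-Za-z0-9-]+)\}", value)  # hashed values start with {SCHEME}
    return m is None or m.group(1).upper() == "CLEARTEXT"

def audit(text):
    entries = parse_ldif(text)
    findings = []
    by_dn = {norm_dn(e["dn"][0]): e for e in entries if "dn" in e}
    for e in entries:
        dn = e.get("dn", ["?"])[0]
        for attr in ("olcrootpw", "userpassword"):
            if any(is_plaintext(v) for v in e.get(attr, [])):
                findings.append(("plaintext", dn, attr))
        for root in e.get("olcrootdn", []) if "olcrootpw" in e else []:
            if "userpassword" in by_dn.get(norm_dn(root), {}):
                findings.append(("two-passwords", root, "olcrootpw+userpassword"))
    return findings
```

Feed it the cn=config search shown above concatenated with a search of the directory suffix; an empty result means neither condition was found.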

affects: ubuntu-docs (Ubuntu) → serverguide
Peter Matulis (petermatulis) wrote:

Agreed, but we won't be making any corrections to the 10.04 Server Guide. I'm marking this one as 'Won't Fix'. Sorry.

Changed in serverguide:
status: New → Won't Fix