[Date Prev][Date Next] [Chronological] [Thread] [Top]

Replication: 1 DN for all slaves.

To: openldap-software@openldap.org
Subject: Replication: 1 DN for all slaves.
From: lauro@npd.ufsc.br
Date: Fri, 15 Jun 2007 11:49:56 -0300
Content-disposition: inline
User-agent: Internet Messaging Program (IMP) H3 (4.1.1)

Hi,

Do you think it's a bad practice to have one DN shared between all slaves? Of course this DN is different from the rootdn. My ideas why it's not:

- I have to worry about one pair dn/pass, I still have to worry about security on all slave server machines, that's the main problem, I know, but there are so many passwords, minimize that can be good.

- If someone manages to get the DN pass, he/she can write to the master (since on the master that DN has write access to "*", then all the slaves, even the ones not hacked, will get that new compromised tree. If replication were not automatic, having one dn/pass to each slave would allow me to have some slaves with a "good" tree on the event someone gets the dn/pass of a slave, and then writing on the master would not affect all slaves. Since it is automatic.. and I have no reason to make happen by human interaction, one slave affected means all slaves and the server affected, even with different DN's/passwords.

 Did I miss anything?

 thanks,

 Lauro

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

Follow-Ups:
- Re: Replication: 1 DN for all slaves.
  - From: Buchan Milne <bgmilne@staff.telkomsa.net>

Prev by Date: Re: rootpw ignored if userPassword exists
Next by Date: Re: Replication: 1 DN for all slaves.
Index(es):
- Chronological
- Thread