Re: rootpw ignored if userPassword exists
On Fri, Jun 15, 2007 at 04:31:48PM +0200, Hallvard B Furuseth wrote:
> Andreas Hasenack writes:
> > I was just wondering if this is expected behaviour.
>
> It's intended behaviour that rootdn can be the name of an entry and you
> can use that entry's password.
Agreed
> When both an entry and rootpw exist, backends are currently inconsistent
> about which one is used. (Which backend are you using? I thought it
> happened just with the LDIF backend.)
BDB
> > I find this a bit unexpected. Suppose someone manages to create an
> > entry matching rootdn. Then this person would be able to become
> > rootdn, bypassing the rootpw setting in slapd.conf.
>
> I'll note that as an argument for having rootpw override the entry's
> dn :-)
Yes, exactly my thought.
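
An added example, not part of the original message or of OpenLDAP: a small audit that flags the situation discussed in this thread, a database whose rootdn has a rootpw in slapd.conf while an entry with the same DN also carries userPassword. It assumes an LDIF export of the directory (for example from slapcat); the function names, the simplified DN comparison and the sample data are constructed for illustration.

```python
import base64
import shlex

def norm_dn(dn):
    # Simplified DN matching (assumption): case-insensitive, spaces around "," and "=" ignored.
    return ",".join("=".join(p.strip() for p in rdn.split("=", 1))
                    for rdn in dn.lower().split(","))

def rootdns_with_rootpw(conf_text):
    """Normalised rootdn of every database section that also sets rootpw."""
    found, cur = [], {}
    for line in conf_text.splitlines() + ["database end-of-file"]:  # sentinel flushes last section
        args = [] if line.startswith("#") else shlex.split(line)
        if not args:
            continue
        key = args[0].lower()
        if key == "database":
            if "rootdn" in cur and "rootpw" in cur:
                found.append(norm_dn(cur["rootdn"]))
            cur = {}
        elif key in ("rootdn", "rootpw") and len(args) > 1:
            cur[key] = args[1]
    return found

def entries_with_password(ldif_text):
    """Normalised DNs of LDIF entries that carry a userPassword attribute."""
    hits = set()
    for block in ldif_text.replace("\n ", "").split("\n\n"):  # unfold, then split entries
        dn, has_pw = None, False
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            if attr.lower() == "dn":  # "dn:: ..." means the value is base64
                dn = (base64.b64decode(value[1:]).decode() if value.startswith(":")
                      else value.strip())
            elif attr.lower() == "userpassword":
                has_pw = True
        if dn and has_pw:
            hits.add(norm_dn(dn))
    return hits

def shadowed_rootdns(conf_text, ldif_text):
    """rootdn values for which both rootpw and an entry password exist."""
    entries = entries_with_password(ldif_text)
    return [dn for dn in rootdns_with_rootpw(conf_text) if dn in entries]

# Constructed sample inputs (not from the thread).
SAMPLE_CONF = ('database bdb\nsuffix "dc=example,dc=com"\n'
               'rootdn "cn=Manager,dc=example,dc=com"\nrootpw {SSHA}constructed\n')
SAMPLE_LDIF = ("dn: cn=manager, dc=example, dc=com\nuserPassword: constructed\n\n"
               "dn: cn=alice,dc=example,dc=com\nuserPassword: constructed\n")
```

Calling `shadowed_rootdns(SAMPLE_CONF, SAMPLE_LDIF)` returns the one rootdn that has two possible passwords; an empty list means no entry shadows a configured rootpw.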