[Date Prev][Date Next] [Chronological] [Thread] [Top]

Securing cn=config

To: openldap-software@openldap.org
Subject: Securing cn=config
From: Peter Mogensen <apm@mutex.dk>
Date: Thu, 29 Jan 2009 12:17:35 +0100
User-agent: Thunderbird 2.0.0.19 (X11/20090105)

After hours of searching through mailing lists, reading man pages and FAQs and the admin-guide and trying every possible combination I can think of, I still can't find the answer on how to secure cn=config

The FAQ says that in slapd 2.4 cn=config respects ACLs, but I can't even limit auth against the rootdn with an ACL.

There has to be a recommended way, but I can't find it. I guess a lot pf people would have benefit from a FAQ example on how to do it.

I would have expected this to work:

database config
rootpw config
access to dn.exact="cn=config"
       by peername="127.0.0.1" auth
       by * none

but not...

/Peter

Follow-Ups:
- Re: Securing cn=config
  - From: Michael Ströder <michael@stroeder.com>
- Re: Securing cn=config
  - From: Peter Mogensen <apm@mutex.dk>

Prev by Date: RE: password policy - alternate lockout mechanism
Next by Date: Ldap configuration (Group permission)
Index(es):
- Chronological
- Thread