[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Securing cn=config

To: openldap-software@openldap.org
Subject: Re: Securing cn=config
From: Peter Mogensen <apm@mutex.dk>
Date: Thu, 29 Jan 2009 21:32:08 +0100
In-reply-to: <4981904F.3010908@mutex.dk>
References: <4981904F.3010908@mutex.dk>
User-agent: Thunderbird 2.0.0.19 (X11/20090105)

Michael Ströder wrote:
> Peter Mogensen wrote:
> > The FAQ says that in slapd 2.4 cn=config respects ACLs, but I can't
> > even limit auth against the rootdn with an ACL.
>
> Binding as rootdn always circumvents all ACLs.

Not all. It usually works not set "rootpw", but create a real object for the rootdn and limit auth priviledged to it. http://www.openldap.org/faq/data/cache/761.html

But I can't get it to work with cn=config. My usually trick don't work, since I can't find a structural objectclass for the object, since schemas are not loaded when slapd reads the cn=config slapd.d directory.

/Peter

References:
- Securing cn=config
  - From: Peter Mogensen <apm@mutex.dk>

Prev by Date: Re: Ldap configuration (Group permission)
Next by Date: Re: Ldap configuration (Group permission)
Index(es):
- Chronological
- Thread