[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: root-only configuration

To: Peter Mogensen <apm@mutex.dk>
Subject: Re: root-only configuration
From: Aaron Richton <richton@nbcs.rutgers.edu>
Date: Tue, 17 Feb 2009 10:32:19 -0500 (EST)
Cc: openldap-software@openldap.org
In-reply-to: <499A8550.5000200@mutex.dk>
References: <499A8550.5000200@mutex.dk>

On Tue, 17 Feb 2009, Peter Mogensen wrote:

With slapd.conf you had to be root on the host to reconfigure slapd. However, with cn=config anyone who can authenticate as rootdn for cn=config can reconfigure slapd.

Is it in anyway possible to set up cn=config, so only root on the host can make changes?

Same as with a "real" backend; don't set a rootpw, and ACL it so that only a suitably-permissioned ldapi:/// listener has write access. Note that this will likely involve some combination of OpenLDAP ACL and OS permissions both.

References:
- root-only configuration
  - From: Peter Mogensen <apm@mutex.dk>

Prev by Date: shared memory vs memory mapped files
Next by Date: Re: Precluding hardware-dependent issues
Index(es):
- Chronological
- Thread