[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: root-only configuration



Carl Johnstone writes:
>Peter Mogensen wrote:
>> Is it in anyway possible to set up cn=config, so only root on the host
>> can make changes?
> 
> You probably want a peername ACL.

Or authz-regexp.

authz-regexp
	^gidNumber=[0-9]*[+]uidNumber=0,cn=peercred,cn=external,cn=auth$
	cn=admin
database config
rootdn cn=admin

(The [] is because + is a special regexp character and I never remember
how many backslashes I need for quoting in slapd.conf.)

-- 
Hallvard