[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Creating database, catch-22

To: Peter Mogensen <apm@mutex.dk>
Subject: Re: Creating database, catch-22
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Wed, 16 Sep 2009 13:44:47 +0200
Cc: openldap-software@openldap.org, masarati@aero.polimi.it
In-reply-to: <4AB0C09C.5060809@aero.polimi.it>
References: <4AB087E4.9010105@mutex.dk> <4AB0C09C.5060809@aero.polimi.it>

Pierangelo Masarati writes:
>Peter Mogensen wrote:
>> PS: As you can probably see, all access goes through SASL EXTERNAL. UNIX 
>> root maps to cn=config via ldapi:///,

...plus authz-regexp, I assume

> remote access uses x509 certificates.
> 
> Add an ACL (either global, if there aren't any in that database, or 
> local) that allows the identity you trust to write to that database.

Or (temporarily?) change rootdn for the HDB database to cn=config,
so root won't need a password for that rootdn over ldapi://.  Or use
authz-regexp to map your SASL/EXTERNAL identity to the database's
rootdn instead of to cn=config.

-- 
Hallvard

Follow-Ups:
- Re: Creating database, catch-22
  - From: Peter Mogensen <apm@mutex.dk>

References:
- Creating database, catch-22
  - From: Peter Mogensen <apm@mutex.dk>
- Re: Creating database, catch-22
  - From: Pierangelo Masarati <masarati@aero.polimi.it>

Prev by Date: Re: Creating database, catch-22
Next by Date: Re: Creating database, catch-22
Index(es):
- Chronological
- Thread