[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Creating database, catch-22
Pierangelo Masarati writes:
>Peter Mogensen wrote:
>> PS: As you can probably see, all access goes through SASL EXTERNAL. UNIX
>> root maps to cn=config via ldapi:///,
...plus authz-regexp, I assume
> remote access uses x509 certificates.
>
> Add an ACL (either global, if there aren't any in that database, or
> local) that allows the identity you trust to write to that database.
Or (temporarily?) change rootdn for the HDB database to cn=config,
so root won't need a password for that rootdn over ldapi://. Or use
authz-regexp to map your SASL/EXTERNAL identity to the database's
rootdn instead of to cn=config.
--
Hallvard