[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: question about cn=config replication and security.

To: openldap-technical@openldap.org
Subject: Re: question about cn=config replication and security.
From: Jonathan Clarke <jonathan@phillipoux.net>
Date: Sat, 12 Feb 2011 23:48:09 +0100
In-reply-to: <AANLkTimzNJGoQ6m_=P3CfzcXUELgtG-KBGHQJuG+xenV@mail.gmail.com>
References: <AANLkTimzNJGoQ6m_=P3CfzcXUELgtG-KBGHQJuG+xenV@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.2.13) Gecko/20101207 Lightning/1.0b2 Thunderbird/3.1.7

Le 11/02/2011 18:26, Mailing Lists a écrit :
> Hello.
> 
> I'm running a pair of openldap 2.4 servers which replicate cn=config DB
> in mirror mode.
> Is there a way to configure a RO user (like user from BDB) for cn=config
> DB, so should someone get a hold of it's password, and still will not be
> able to change the configs ?

Hi,

I'm not entirely sure I've understood your question, but you can write
ACLs to allow any user (using any DN, thus including a DN from a BDB
database) access to the cn=config subtree.

Jonathan
-- 
--------------------------------------------------------------
Jonathan Clarke - jonathan@phillipoux.net
--------------------------------------------------------------
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--------------------------------------------------------------

References:
- question about cn=config replication and security.
  - From: Mailing Lists <mailing-lists@griddynamics.com>

Prev by Date: Re: How to use LDAP_OPT_CONNECT_ASYNC?
Next by Date: Re: Slapd Security based on port
Index(es):
- Chronological
- Thread