[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Installation openLDAP in Debian



On Thu, Apr 21, 2011 at 12:32 PM, Erwann ABALEA <eabalea@gmail.com> wrote:
> 2011/4/21 Jose Ildefonso Camargo Tolosa <ildefonso.camargo@gmail.com>:
>> On Thu, Apr 21, 2011 at 11:47 AM, Olivier Guillard
>> <olivier@guillard.nom.fr> wrote:
>>>> No, that is not the meaning of "add".
>>>
>>> In that case, how can you change
>>> olcRootPW: MySecretPassword
>>
>> If you forgot your rootdn pass, and have no other user that with write
>> privileges to cn=config, I guess you would need to slapcat your
>> config, edit it, delete old config, and reload with slapadd.  Or...
>> take the risk and just edit the file by hand.
>
> Or use the ldapi:// URI, with "EXTERNAL" SASL mechanism, and correct ACL.

Ok.... can you elaborate? if you can do this, I feel that this is
almost a security problem (where you can bypass LDAP authentication by
using an external auth that was not previously configured on the
directory).