
Re: root dn password: which one is the reference?



Jephte Clain wrote:
> I have an LDAP server with rootdn cn=admin,dc=domain,dc=tld and password set
> in cn=config (this is OpenLDAP 2.4.40 on Debian squeeze)
> 
> I also have the LDAP object cn=admin,dc=domain,dc=tld in the database, with a
> *different* password
> 
> Both passwords seem to authenticate. Is this expected?

IIRC it always worked like this.

> Being able to regularly change the root dn password looks like a good thing
> to me.

If you want security then avoid using rootpw.  There is no serious use-case
where you have to bind as rootdn via remote LDAP.  And for repairing defects
locally use an authz-regexp for LDAPI access with SASL/EXTERNAL bind of user root.

Ciao, Michael.

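The setup recommended in the reply above, sketched as a cn=config change. This is an added example, not part of the original message or of the OpenLDAP project's own documentation. The database entry name olcDatabase={1}hdb,cn=config is an assumption; the rootdn is the one quoted in the thread.

```ldif
# Added example. Apply locally as the system user root:
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f rootdn-ldapi.ldif
# (the file name is arbitrary)

# 1. Map the identity slapd assigns to uid 0 / gid 0 on an ldapi:// socket
#    with SASL/EXTERNAL onto the rootdn. "[+]" matches the literal plus sign
#    of the multi-valued RDN without depending on backslash handling in the
#    config parser.
dn: cn=config
changetype: modify
add: olcAuthzRegexp
olcAuthzRegexp: "^gidNumber=0[+]uidNumber=0,cn=peercred,cn=external,cn=auth$" "cn=admin,dc=domain,dc=tld"
-

# 2. Remove the rootpw from the database configuration so the rootdn can no
#    longer authenticate with that password.
#    ASSUMED entry name: check yours with
#      ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config '(olcRootDN=*)' dn
dn: olcDatabase={1}hdb,cn=config
changetype: modify
delete: olcRootPW
-

# Check afterwards, as root on the server:
#   ldapwhoami -Y EXTERNAL -H ldapi:///
# should report dn:cn=admin,dc=domain,dc=tld
```

The entry cn=admin,dc=domain,dc=tld stored in the database keeps its own userPassword, which, as the thread notes, authenticates independently of rootpw.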