Igor Shmukler wrote:
> Hello Michael,
>
> Thank you for reading my email and replying to the thread.
>
> I don't believe that you answered my question. I was probably unclear.
> Sorry. I will rephrase, as I am still looking for information.
>
> Is there a reason why I should not be able to, or just should not, do the below:
> 1. change my OpenLDAP server configuration so cn=config can be
> successfully authenticated using password.
> 2. retrieve records from non-config database[s] [over network, for
> example giving ldapsearch -D cn=config -W]

AFAICS it's all possible. Basically the client authenticates, maybe the authc-DN is mapped to an authz-DN depending on the authc mech used, and then the client is authorized to access different parts of your whole LDAP data.

But you have to dive into those docs I pointed out.

> On Mon, Mar 2, 2015 at 12:26 PM, Michael Ströder <michael@stroeder.com> wrote:
>> You should start to read about access control:
>>
>> slapd.access(5)
>>
>> http://www.openldap.org/doc/admin24/access-control.html
>>
>> http://www.openldap.org/faq/data/cache/189.html
>>
>> Don't claim to have a multi-tenant service before you really understood all of
>> the above.

Ciao, Michael.