
Re: Re: Can domain admins be filtered out with ACLs?



Hello Ulrich,

I do not doubt that you are right, yet I want to understand.
Why would the rootdn be necessary to fix ACLs when we have the config
database without a RootDN, and therefore that one cannot be messed up
by applying a filter to the RootDN?

Not that I doubt the wisdom of the design decisions.

For my goal, I am going to use olcHidden to achieve what I need
instead. If I cannot properly suspend a DIT, I get close to the desired
results by hiding the database.

Sincerely,

Igor Shmukler

On Fri, Apr 17, 2015 at 8:15 AM, Ulrich Windl
<Ulrich.Windl@rz.uni-regensburg.de> wrote:
>>>> Quanah Gibson-Mount <quanah@zimbra.com> wrote on 16.04.2015 at 20:38 in
> message <C40A1A2544EECEE4E75EA494@[192.168.1.9]>:
> [...]
>>>From the slapd.access(5) man page:
>>
>>        Be warned: the rootdn can always read and write EVERYTHING!
>
> ...and that is very helpful if you messed up your ACLs...
>
> [...]
>
> Regards,
> Ulrich
>
>