
Controlling rootdn access



Hi all,

I'm trying to improve security by restricting rootdn access to localhost.

See:

http://www.openldap.org/doc/admin24/access-control.html#Controlling%20rootdn%20access

But I can't delete the olcRootPW attribute from the olcDatabase object:

ldap_modify: Inappropriate matching (18)
	additional info: modify/delete:
	olcRootPW: no equality matching rule

I suppose the access restriction to the rootdn's userPassword attribute
does not take effect as the provided password will be compared against
the olcRootPW attribute (directly).

Thanks in advance

Michael