Abdelhamid Meddeb wrote:
> Be careful with this kind of change and keep in mind that after deleting
> olcRootPW you don't have a true rootdn at all.
> A true rootdn doesn't need any explicit access right by the ACLs, but the
> pseudo (new) rootdn needs it, and if no rule grants him the access the operation
> fails.

There is no such thing as a pseudo rootdn.

1. Either you have rootdn directive set or not.
Note: It is needed for some overlays.

2. Either you have rootpw directive set or not.

I always use slapd -h "ldapi://..", omit rootpw and have the following directive:

authz-regexp "gidnumber=0\\+uidnumber=0,cn=peercred,cn=external,cn=auth" "cn=root,dc=example,dc=com"

Then user root can always locally authenticate without a password like this:

ldapwhoami -H ldapi:// -Y EXTERNAL

Ciao, Michael.
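
Added example, not part of Michael's message and not OpenLDAP code: a small Python model of the authz-regexp mapping above, for checking which local ldapi:// peers a rule turns into the rootdn identity. It assumes the peercred identity has the form gidNumber=<gid>+uidNumber=<uid>,cn=peercred,cn=external,cn=auth, that a backslash inside a quoted slapd.conf argument escapes the next character, and that matching is case-insensitive and unanchored; $1-style references in the replacement are not modelled, and all function names are hypothetical.

```python
import re

# The directive from the message, exactly as it would appear in slapd.conf.
CONF_LINE = (r'authz-regexp "gidnumber=0\\+uidnumber=0,cn=peercred,cn=external,cn=auth" '
             r'"cn=root,dc=example,dc=com"')

def parse_authz_regexp(line):
    # Return (compiled match pattern, replacement DN) for one authz-regexp line.
    # Assumption: inside double quotes a backslash escapes the next character,
    # so the doubled backslash before '+' reaches the regex engine as a single
    # one and the '+' is matched literally instead of acting as a quantifier.
    args = re.findall(r'"((?:\\.|[^"\\])*)"', line)
    if not line.startswith("authz-regexp") or len(args) != 2:
        raise ValueError('expected: authz-regexp "<match>" "<replace>"')
    match, replace = (re.sub(r"\\(.)", r"\1", a) for a in args)
    return re.compile(match, re.IGNORECASE), replace

def peercred_dn(uid, gid):
    # Assumed form of the identity a SASL EXTERNAL bind over ldapi:// receives.
    return f"gidNumber={gid}+uidNumber={uid},cn=peercred,cn=external,cn=auth"

def map_identity(authc_dn, rules):
    # The first matching rule replaces the identity; otherwise it is unchanged.
    for pattern, replace in rules:
        if pattern.search(authc_dn):
            return replace
    return authc_dn

def who_maps_to(target_dn, rules, peers):
    # Audit helper: which (uid, gid) pairs end up authenticated as target_dn?
    return [(uid, gid) for uid, gid in peers
            if map_identity(peercred_dn(uid, gid), rules).lower() == target_dn.lower()]

RULES = [parse_authz_regexp(CONF_LINE)]
# Constructed sample peers: root, root with another primary group,
# an ordinary user, and a non-root user whose primary group is 0.
PEERS = [(0, 0), (0, 10), (1000, 1000), (10, 0)]

if __name__ == "__main__":
    for uid, gid in PEERS:
        print((uid, gid), "->", map_identity(peercred_dn(uid, gid), RULES))
    print("mapped to rootdn:", who_maps_to("cn=root,dc=example,dc=com", RULES, PEERS))
```

Under these assumptions only a peer with both uid 0 and gid 0 is mapped to cn=root,dc=example,dc=com; every other local peer keeps its peercred identity and is subject to the ACLs.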