Re: Controlling rootdn access
On 07.11.2015 11:38, Michael Ströder wrote:
>
> There is no such thing as a pseudo rootdn.
>
> 1. Either you have rootdn directive set or not.
> Note: It is needed for some overlays.
>
> 2. Either you have rootpw directive set or not.
>
> I always use slapd -h "ldapi://..", omit rootpw and have the following directive:
>
> authz-regexp
> "gidnumber=0\\+uidnumber=0,cn=peercred,cn=external,cn=auth"
> "cn=root,dc=example,dc=com"
>
> Then user root can always locally authenticate without a password like this:
>
> ldapwhoami -H ldapi:// -Y EXTERNAL
Thank you. How do you prevent remote logins as cn=root,dc=example,dc=com
in that setup?
Michael
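
A check for the setup quoted above, as an added example that is not part of the thread: it parses slapd.conf text and reports whether rootdn is set, whether rootpw is set, and whether an authz-regexp maps local root's peercred identity to the rootdn. The sample config and function names are constructed, the peercred DN form is taken from the quoted directive, and Python's `re` stands in for slapd's regex matching as an approximation.

```python
import re
import shlex

# Constructed sample mirroring the quoted setup (not a real config).
SAMPLE_CONF = r'''
database mdb
suffix "dc=example,dc=com"
rootdn "cn=root,dc=example,dc=com"
authz-regexp
  "gidnumber=0\\+uidnumber=0,cn=peercred,cn=external,cn=auth"
  "cn=root,dc=example,dc=com"
'''

# Identity of local root over ldapi:// with SASL EXTERNAL, in the form
# the quoted authz-regexp pattern matches (assumed normalized spelling).
ROOT_PEERCRED = "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"


def directives(conf_text):
    """Return one token list per directive; indented lines continue the previous one."""
    logical = []
    for line in conf_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    # shlex handles the double quotes and turns \\ into \ inside them
    return [shlex.split(entry) for entry in logical]


def audit(conf_text):
    """Report the three properties the quoted setup relies on."""
    parsed = directives(conf_text)
    rootdns = [t[1].lower() for t in parsed
               if t[0].lower() == "rootdn" and len(t) > 1]
    rootpw_set = any(t[0].lower() == "rootpw" for t in parsed)
    mapped = any(
        t[0].lower() == "authz-regexp" and len(t) == 3
        and re.fullmatch(t[1], ROOT_PEERCRED, re.IGNORECASE)
        and t[2].lower() in rootdns
        for t in parsed
    )
    return {"rootdn_set": bool(rootdns), "rootpw_set": rootpw_set,
            "root_peercred_mapped": mapped}


if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```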