
Re: Controlling rootdn access



Michael Hierweck wrote:
> On 07.11.2015 11:38, Michael Ströder wrote:
>>
>> There is no such thing as a pseudo rootdn.
>>
>> 1. Either you have rootdn directive set or not.
>> Note: It is needed for some overlays.
>>
>> 2. Either you have rootpw directive set or not.
>>
>> I always use slapd -h "ldapi://..", omit rootpw and have the following directive:
>>
>> authz-regexp
>>   "gidnumber=0\\+uidnumber=0,cn=peercred,cn=external,cn=auth"
>>   "cn=root,dc=example,dc=com"
>>
>> Then user root can always locally authenticate without a password like this:
>>
>> ldapwhoami -H ldapi:// -Y EXTERNAL
> 
> Thank you. How do you prevent remote logins as cn=root,dc=example,dc=com
> in that setup?

You cannot remotely authenticate as rootdn without rootpw directive.

Ciao, Michael.
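
The setup discussed in this thread, as an added example that is not part of the original messages and is not OpenLDAP code: a small Python check that reads a slapd.conf-style file and reports, per database, whether `rootpw` is set and whether a global `authz-regexp` maps the local uid 0 peer credential to that database's rootdn. The sample configuration, its second database and all function names are constructed for the illustration.

```python
import shlex
# Constructed sample slapd.conf (assumption: not taken from the thread).
SAMPLE_CONF = r'''
authz-regexp
  "gidnumber=0\\+uidnumber=0,cn=peercred,cn=external,cn=auth"
  "cn=root,dc=example,dc=com"

database mdb
suffix "dc=example,dc=com"
rootdn "cn=root,dc=example,dc=com"

database mdb
suffix "dc=legacy,dc=example"
rootdn "cn=admin,dc=legacy,dc=example"
rootpw {SSHA}constructed-placeholder
'''

def logical_lines(text):
    """Unwrap continuation lines (leading whitespace), then drop comments."""
    merged = []
    for raw in text.splitlines():
        if raw[:1].isspace() and merged:
            merged[-1] += " " + raw.strip()
        else:
            merged.append(raw.rstrip())
    return [l for l in merged if l.strip() and not l.startswith("#")]

def norm(dn):
    # Simplified DN comparison: lower-case, trim around commas (no escapes).
    return ",".join(part.strip().lower() for part in dn.split(","))

def audit(text):
    """Per database: rootdn, rootpw presence, ldapi:// EXTERNAL mapping."""
    targets, dbs = set(), []
    for line in logical_lines(text):
        tokens = shlex.split(line)
        key, args = tokens[0].lower(), tokens[1:]
        if key == "authz-regexp" and len(args) == 2:
            if "uidnumber=0,cn=peercred,cn=external,cn=auth" in args[0].lower():
                targets.add(norm(args[1]))
        elif key == "database":
            dbs.append({"suffix": None, "rootdn": None, "rootpw_set": False})
        elif dbs and key in ("suffix", "rootdn") and args:
            dbs[-1][key] = norm(args[0])
        elif dbs and key == "rootpw":
            dbs[-1]["rootpw_set"] = True  # password bind as rootdn is enabled
    for db in dbs:
        db["local_external"] = db["rootdn"] in targets
    return dbs
```

Calling `audit()` on the text of a real slapd.conf returns one dictionary per `database` section; a database with `rootpw_set` true is one where the rootdn can bind with a password.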

