Michael Hierweck wrote:
> On 07.11.2015 11:38, Michael Ströder wrote:
>>
>> There is no such thing as a pseudo rootdn.
>>
>> 1. Either you have rootdn directive set or not.
>> Note: It is needed for some overlays.
>>
>> 2. Either you have rootpw directive set or not.
>>
>> I always use slapd -h "ldapi://.." omit rootpw and have the following directive:
>>
>> authz-regexp
>>   "gidnumber=0\\+uidnumber=0,cn=peercred,cn=external,cn=auth"
>>   "cn=root,dc=example,dc=com"
>>
>> Then user root can always locally authenticate without a password like this:
>>
>> ldapwhoami -H ldapi:// -Y EXTERNAL
>
> Thank you. How do you prevent remote logins as cn=root,dc=example,dc=com
> in that setup?

You cannot remotely authenticate as rootdn without rootpw directive.

Ciao, Michael.
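An added example, not part of the original message or of OpenLDAP: a small audit of a slapd.conf for the two conditions discussed in the thread, namely whether a database sets rootpw and whether the ldapi:// peercred identity of local root is mapped to that database's rootdn by authz-regexp. The configuration fragment, the second database and the `{SSHA}` placeholder are constructed, and DN comparison is simplified to a case-insensitive string match.

```python
import re
import shlex

# Constructed slapd.conf: first database as in the thread, second keeps rootpw.
SAMPLE_CONF = r'''
authz-regexp
    "gidnumber=0\\+uidnumber=0,cn=peercred,cn=external,cn=auth"
    "cn=root,dc=example,dc=com"
database mdb
suffix "dc=example,dc=com"
rootdn "cn=root,dc=example,dc=com"
# second database (constructed)
database mdb
suffix "dc=example,dc=org"
rootdn "cn=admin,dc=example,dc=org"
rootpw {SSHA}constructed-placeholder
'''

# SASL identity of local uid 0 / gid 0 on ldapi:// with -Y EXTERNAL
PEERCRED_ROOT = "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"

def directives(text):
    """Unwrap continuation lines, drop comments, split arguments via shlex."""
    logical = []
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and logical:
            logical[-1] += " " + line.strip()  # leading whitespace continues
        else:
            logical.append(line)
    return [shlex.split(l) for l in logical if l.strip() and not l.startswith("#")]

def audit(text):
    """Per database: (suffix, rootpw_set, local_root_maps_to_rootdn)."""
    target, dbs = None, []
    for d in directives(text):
        key = d[0].lower()
        if key == "authz-regexp" and len(d) == 3 and target is None:
            if re.search(d[1], PEERCRED_ROOT, re.IGNORECASE):
                target = d[2]  # first matching rule decides the mapped DN
        elif key == "database":
            dbs.append({"suffix": "", "rootdn": "", "rootpw": False})
        elif dbs and key in ("suffix", "rootdn") and len(d) > 1:
            dbs[-1][key] = d[1]
        elif dbs and key == "rootpw":
            dbs[-1]["rootpw"] = True
    same = lambda a, b: bool(a) and a.lower() == b.lower()  # simplified DN compare
    return [(db["suffix"], db["rootpw"], same(target, db["rootdn"])) for db in dbs]

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

A database reported with `rootpw_set` false and the mapping true matches the setup described in the thread; one with `rootpw_set` true still accepts a password bind as rootdn.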