[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: help troubleshooting

To: openldap-technical@openldap.org
Subject: Re: help troubleshooting
From: Michael Ströder <michael@stroeder.com>
Date: Wed, 1 Feb 2017 09:09:45 +0100
In-reply-to: <C65D358754E6DEA99CA58F20@[192.168.1.30]>
Openpgp: id=43C8730E84A20E560722806C07DC7AE36A8BC938
References: <0d0720fd-8678-7d16-2f16-330a1ac68502@drigon.com> <WM!fb0eded44b9345d638603402e962432a04e8d62377cd944bb11af50e38a73c54005b1691557392e9793eff9a8f8cfccb!@mailstronghold-1.zmailcloud.com> <C65D358754E6DEA99CA58F20@[192.168.1.30]>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:49.0) Gecko/20100101 SeaMonkey/2.46

Quanah Gibson-Mount wrote:
> I would note that the rootdn is never subject to ACLs (as documented in the
> slapd.access(5) man page).

To add:
- This applies for the same backend for which the rootdn is defined.
- The rootdn in one backend does not have any special rights in other backends.

>  So there is no point in listing it in ACLs.

In my setups I usually use the "rootdn" of the main backend in ACLs for other backends
(e.g. cn=config, cn=monitor, cn=accesslog).

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

References:
- Re: help troubleshooting
  - From: Quanah Gibson-Mount <quanah@symas.com>

Prev by Date: Re: help troubleshooting
Next by Date: Re: help troubleshooting
Index(es):
- Chronological
- Thread