[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Olc deployment vs slapd.conf based deployment
On Sat, Sep 16, 2017 at 04:24:36PM +0200, Daniel Pluta wrote:
> On 16.09.2017 09:04, Michael Str??der wrote:
> >Daniel Pluta wrote:
> >>Call it strange, useless, insane, fine or whatever, but my customers
> >>(also anybody who's interested in using a distinct service) should
> >>be able to get a chance for a detailed view into the running
> >>configuration of each service - before and while using it. slapd's
> >>cn=config supports this, not perfectly but better than any other
> >>service I'm aware of. For further details see our paper from
> >>LDAPcon2011.
I'm jumping in late here. I'm curious about this talk. I see a YouTube
playlist of LDAPCon 2011 talkshere; which one should I look at for these
details?
https://www.youtube.com/playlist?list=PLXuMrj-t1hqGdOJvswPFvNtwZFHD5SODK
> >
> >I very well remember your interesting talk and that you give read access
> >to olcRootDN to prove it's not set.
>
>
> It was olcRootPw: to prove that it's not present and thus there is no
> slapd-BOFH (aka administrative man-in-the-middle).
>
> I very well remember the shocked/laughing faces of (parts of) the
> audience right after I switched to the slide containing this at first
> surely suicidal seeming ACL.
>
> Forget about it. It's sufficient to keep in mind that the future lies in
> cn=config. ;-)
>
>
--
Brian Reichert <reichert@numachi.com>
BSD admin/developer at large