
Re: (ITS#3819) Strange slapd.conf diagnostic after authz-regexp



hyc@symas.com wrote:

>Hallvard B Furuseth wrote:
>  
>
>>Aha.  That solved a small mystery for me, once I looked at it
>>in cn=config:
>>
>>The root DSE no longer uses ACLs from the first database.
>>It only uses the global ACLs and the 'database frontend' ACLs,
>>because the supposedly global ACLs end up in frontendDB.
>>  
>>    
>>
>Yes. This was discussed recently
>http://www.openldap.org/lists/openldap-devel/200504/msg00045.html
>but I don't think any course of action was decided.
>  
>
Note that HEAD differs from any released code since #ifdef LDAP_DEVEL
the ACLs of frontendDB are used instead of those of the first backend.

>>Also, rootdn/rootpw was also applied from the first database, but
>>those are now taken from frontendDB and I can't get rootdn/rootpw
>>from frontendDB to work.
>>  
>>    
>>
>
>Well, rootpw makes no sense for the frontendDB. The question about 
>rootdn is still open.
>  
>

I do not quite understand this comment.  In principle (never thought 
about it so I'm just trying to form a consistent thought) we could have 
a "global rootdn", which would be the frontend's rootdn, whose authority 
spans the entire system, unless a "rootdn" is defined for a database; in 
the latter case, that "local rootdn" would prevail.  If we implement 
something like this, a "rootpw" for the frontendDB would make as much 
sense as it does for each database (with the same pros and cons, I mean).

p.


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497