
Re: Authentication for on the fly configuration updates in OpenLDAP 2.4



On 28/01/11 16:34 +0100, Pierangelo Masarati wrote:
> You can't set the "rootpw" for a "rootdn" outside the naming context of a database. Either set

Ok, I'm finally starting to get a grasp on cn=config. If I understand
correctly, there will always be a rootdn for cn=config, regardless if one
was specified in the original slapd.conf. If one was not, the rootdn will
default to 'cn=config' (or is it cn=admin,dc=config?).


> database        config
> rootdn          "cn=admin,dc=example,dc=org"
>
> or
>
> database        config
> rootdn          "cn=admin,cn=config"
> rootpw          xxx
>
> In the first case, the user "cn=admin,dc=example,dc=org" will need to authenticate otherwise (e.g. from within another database, or using SASL).

Is there a supported way to generate or modify the appropriate authz-regexp
config for SASL authentication, assuming that one did not exist within the
original slapd.conf?

I've heard mention of a slapmodify command in a future version, so I'm
assuming that's going to be the supported solution.

--
Dan White