[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Installation openLDAP in Debian

To: Erwann ABALEA <eabalea@gmail.com>
Subject: Re: Installation openLDAP in Debian
From: Jose Ildefonso Camargo Tolosa <ildefonso.camargo@gmail.com>
Date: Thu, 21 Apr 2011 12:37:33 -0430
Cc: Howard Chu <hyc@symas.com>, Olivier Guillard <olivier@guillard.nom.fr>, Simone Piccardi <piccardi@truelite.it>, openldap-technical@openldap.org
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=etaXzDRYnc7IgDNcIXyzCoowneqO5lYaBAQ3+Hr/6qY=; b=qXz5SgdmHtRJ25eTVyEVXezNMo698J5stPCe7M2QbA7wmzO9uE4E/HADtltoODFnGP 08YUEaKH7mXLM17MIqebWIVmpsMeTuMWrsTSWGq1etbP+dwtHbWmJ2oEO32kIQfYu3l9 HrG9z4jqY3fGDcshdBIEmUTUYZrOXh+F9UsmI=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=hNUKm6xIH5voa+oMBY5oqVEmg2qFo2R+cbES857dIW7z41kKpydKChZVnUe9Nt62O9 VnlTJGEMjbwevk3Jq+Xf9jR0VMwciehwKTCEUttdxUkwSBlfxz1qKVSegt8aEdkJYml8 PJuPjkdVWr3ZxxUpUhRu3AAENCNvrlq/N4kDw=
In-reply-to: <BANLkTik1bdjNj-T6JE_u01q-1XexoxWYeg@mail.gmail.com>
References: <BANLkTikfeAfRqNVEJdvRcoXz2SMk_eOrPg@mail.gmail.com> <C16C64ECA2DAD0A5E5CC4523@192.168.1.2> <BANLkTinSnfoa62-6FUXF4x_JmDLF-29fjQ@mail.gmail.com> <4DAF1FE9.8050002@truelite.it> <BANLkTikj9JZCNA0jz2cHh_=_H3eEyN3LtA@mail.gmail.com> <4DAF4459.5010809@symas.com> <BANLkTinzCyCO28UZbwY=jaS5HiQJCjMZFA@mail.gmail.com> <4DAFF516.8070405@symas.com> <BANLkTimOPO3nMLOt4M-HChsKEXSWk=YOdA@mail.gmail.com> <4DB00712.70100@symas.com> <BANLkTim9+BgdZK2GHZRf4uXz9yc6+xN75w@mail.gmail.com> <BANLkTikHH+-7i1QqXQTc89pVA7rZSbjT0g@mail.gmail.com> <BANLkTik1bdjNj-T6JE_u01q-1XexoxWYeg@mail.gmail.com>

On Thu, Apr 21, 2011 at 12:32 PM, Erwann ABALEA <eabalea@gmail.com> wrote:
> 2011/4/21 Jose Ildefonso Camargo Tolosa <ildefonso.camargo@gmail.com>:
>> On Thu, Apr 21, 2011 at 11:47 AM, Olivier Guillard
>> <olivier@guillard.nom.fr> wrote:
>>>> No, that is not the meaning of "add".
>>>
>>> In that case, how can you change
>>> olcRootPW: MySecretPassword
>>
>> If you forgot your rootdn pass, and have no other user that with write
>> privileges to cn=config, I guess you would need to slapcat your
>> config, edit it, delete old config, and reload with slapadd.  Or...
>> take the risk and just edit the file by hand.
>
> Or use the ldapi:// URI, with "EXTERNAL" SASL mechanism, and correct ACL.

Ok.... can you elaborate? if you can do this, I feel that this is
almost a security problem (where you can bypass LDAP authentication by
using an external auth that was not previously configured on the
directory).

Follow-Ups:
- Re: Installation openLDAP in Debian
  - From: Erwann ABALEA <eabalea@gmail.com>

References:
- Installation openLDAP in Debian
  - From: "D. R. Paudel" <rajme690@gmail.com>
- Re: Installation openLDAP in Debian
  - From: Jose Ildefonso Camargo Tolosa <ildefonso.camargo@gmail.com>
- Re: Installation openLDAP in Debian
  - From: Jose Ildefonso Camargo Tolosa <ildefonso.camargo@gmail.com>
- Re: Installation openLDAP in Debian
  - From: Howard Chu <hyc@symas.com>
- Re: Installation openLDAP in Debian
  - From: Olivier <ldap@guillard.nom.fr>
- Re: Installation openLDAP in Debian
  - From: Howard Chu <hyc@symas.com>
- Re: Installation openLDAP in Debian
  - From: Howard Chu <hyc@symas.com>
- Re: Installation openLDAP in Debian
  - From: Jose Ildefonso Camargo Tolosa <ildefonso.camargo@gmail.com>
- Re: Installation openLDAP in Debian
  - From: Erwann ABALEA <eabalea@gmail.com>

Prev by Date: Re: Installation openLDAP in Debian
Next by Date: Re: Installation openLDAP in Debian
Index(es):
- Chronological
- Thread