[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP backend problem



At 11:57 AM 2/1/00 +0100, Mikael wrote:
>Sorry for all these emails but I think I have found the error:
>When starting slapd it reads rootdn from slapd.conf which in this case was
>
>o=envilogg,c=se . But when I tried to start ldapmodify tool I used bind dn
>as
>cn=root,dc=envilogg,dc=se but with the correct password.
>This gave me LDAP_INVALID_CREDENTIALS as response.

This is a valid and legal response.

>So here comes a new question (which I cc to openldap dev mailing list
>aswell):
>
>I would like to have several customers linked to the SAME backend
>functions.
>They all have different root_dn:s and different passwords.
>So my questions is: is it possible to have several root_dn,root_pw to the
>same database (or directory) definition?

Use ACLs.  root_dn/root_pw should be reserved for use by the
directory manager.  I generally disable root_dn,root_pw on
production servers.

>The incoming root_dn will then be
>validated and used to link to the correct database in my backend
>functions.

The correct database should be determined by the target DN of
the operation, not the subject DN.