[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: OpenLDAP backend problem
At 11:57 AM 2/1/00 +0100, Mikael wrote:
>Sorry for all these emails but I think I have found the error:
>When starting slapd it reads rootdn from slapd.conf which in this case was
>
>o=envilogg,c=se . But when I tried to start ldapmodify tool I used bind dn
>as
>cn=root,dc=envilogg,dc=se but with the correct password.
>This gave me LDAP_INVALID_CREDENTIALS as response.
This is a valid and legal response.
>So here comes a new question (which I cc to openldap dev mailing list
>aswell):
>
>I would like to have several customers linked to the SAME backend
>functions.
>They all have different root_dn:s and different passwords.
>So my questions is: is it possible to have several root_dn,root_pw to the
>same database (or directory) definition?
Use ACLs. root_dn/root_pw should be reserved for use by the
directory manager. I generally disable root_dn,root_pw on
production servers.
>The incoming root_dn will then be
>validated and used to link to the correct database in my backend
>functions.
The correct database should be determined by the target DN of
the operation, not the subject DN.