Re: backend overlays

[Quanah Gibson-Mount <quanah@stanford.edu>]

--On Monday, February 21, 2005 7:30 PM +0100 Pierangelo Masarati 
<ando@sys-net.it> wrote:

> > For item #2:
> >
> > I don't have any rootpw defined in any of my systems, as I use
> > SASL/GSSAPI authentication for all write-related activity.  I assume for
> > the back-config stuff then, it will be possible to define an ACL saying
> > what principal can write to that DB?  Or a configuration directive?
>
> I guess that, as soon as back-config uses the frontend's access checking
> capabilities, your guess is correct.  I only fear transient cases, when
> access control is not ready yet but you want to write a configuration.  In
> those cases you'll likely need the rootdn.

Yeah, the bootstrap case seems the most difficult, although I think I was 
expecting to bootstrap via slapadd (rather than ldapadd) which wouldn't 
require a rootdn.  But in general, it seems it would be a must for some 
people.

--Quanah


--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin