[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: backend overlays

--On Monday, February 21, 2005 7:30 PM +0100 Pierangelo Masarati <ando@sys-net.it> wrote:

For item #2:

I don't have any rootpw defined in any of my systems, as I use
SASL/GSSAPI authentication for all write-related activity.  I assume for
the back-config stuff then, it will be possible to define an ACL saying
what principal can write to that DB?  Or a configuration directive?

I guess that, as soon as back-config uses the frontend's access checking capabilities, your guess is correct. I only fear transient cases, when access control is not ready yet but you want to write a configuration. In those cases you'll likely need the rootdn.

Yeah, the bootstrap case seems the most difficult, although I think I was expecting to bootstrap via slapadd (rather than ldapadd) which wouldn't require a rootdn. But in general, it seems it would be a must for some people.


-- Quanah Gibson-Mount Principal Software Developer ITSS/Shared Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin