[Date Prev][Date Next]
Re: Advertising configcontext in Root-DSE
On Thursday 16 February 2006 19:00, Howard Chu wrote:
> Ralf Haferkamp wrote:
> > On Thursday 16 February 2006 16:41, Pierangelo Masarati wrote:
> >>> Ralf Haferkamp wrote:
> >>>> Hi,
> >>>> I just recognized that current slapd advertises the
> >>>> config-context in root-dse, even if back-config is not used
> >>>> (e.g. no config directory exists). To me it seems useful to hide
> >>>> the
> >>>> "configContext" Attribute in such cases and deny searches below
> >>>> cn=config with "no such object".
> >>> No. The cn=config tree is always present; just that any changes
> >>> made when no backing directory exists will not persist.
> >> but if no "database config" directive is present, it's not
> >> accessible. I think this is what Ralf meant.
> > Yes. It's just confusing that you see "configContext" in the
> > Root-DSE but can't access it in any way.
> I don't consider this a condition worth testing for. You could have a
> sasl-regexp that maps some other identity to the cn=config DN.
Btw, while we are at it. For easy bootstrapping of back-config we could
add an implicit sasl-regexp that maps
"cn=config". This would allow root to configure slapd through ldapi.
I just played around a little with this and it seems to work with some
additional tweaks in bconfig.c.
SUSE LINUX Products GmbH, Maxfeldstrasse 5, D-90409 Nuernberg
F: +49-911-74053575 - Ralf.Haferkamp@suse.com