[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Local root user changing passwords...

Sorry, should have been more specific.

This is a LDAP client I am trying to prevent the local root account from having the ability to change any users password in the LDAP database.

As it stands now, the current password for the user is required to change it, so I believe my issue has gone away in a sense. the rootdn can reset the password in the directory, which should be the case anyway if a password is lost. 

Thanks for the response, and sorry for the confusion


-----Original Message-----
From:	David Morton [mailto:mortonda@osprey.net]
Sent:	Wed 12/4/2002 2:04 PM
To:	openldap-software@OpenLDAP.org
Subject:	Re: Local root user changing passwords...
Someone correct me if I'm wrong, but if the openldap server is running
on a box that someone has root access to, that someone has "god" powers
over that database.  They could always read/change the rootdn in the
slapd config file, and restart the server.  

On Wed, 2002-12-04 at 13:30, Wade Winright wrote:
> Hello all, 
> I have searched for answers on this topic to no avail.
> I am trying to restrict a local hosts "root" user from changing LDAP users passwords. I have deleted the root user from the LDAP database, but it seems that that had no effect. Any ideas? Pointers?
> Running:
> RH 8.0
> Default OpenLDAP (2.0.25)
> Clients:
> RH 8.0 defaults
> THanks for your time,
> Wade
David Morton
Vice President
Osprey Network Technologies