
RE: Multiple syncrepl problems





--On Tuesday, January 11, 2005 10:29 AM -0700 Darren Gamble <darren.gamble@sjrb.ca> wrote:


OK, we can add the rootdn back in, then.  Last question, I think - should
a rootdn be defined on the provider, as well?  And it's unnecessary (and
possibly insecure) to supply a rootpw if the password is defined in the
data, correct?

Could the Admin Guide and man pages both be corrected to reflect
these changes, please, if they will be permanent?  The slapd.conf man
page still says "It is recommended that the rootdn only be specified when
needed (such as when initially populating a database)", which I'm sure a
large number of other admins have tried to follow.

Darren,

The rootdn does not need to exist as a valid entry in the database, and there is no need to define a password for it. I certainly don't. I don't see any security issue around simply defining what it is if nothing can use it (other than syncRepl).

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin
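
Added example, not part of the original message and not OpenLDAP project code: a small Python audit of a slapd.conf that reports, per database section, whether a rootdn is defined and whether a rootpw accompanies it (absent, hashed, or cleartext), which is the distinction the exchange above turns on. The sample configuration, DNs and the function names `logical_lines` and `audit` are constructed for illustration.

```python
import re

# Constructed sample slapd.conf (not from the thread): the first database has a
# rootdn only, the second also sets a cleartext rootpw.
SAMPLE = """\
database bdb
suffix "dc=example,dc=com"
rootdn "cn=replica,dc=example,dc=com"

database bdb
suffix "dc=example,dc=org"
rootdn "cn=admin,dc=example,dc=org"
rootpw secret
"""

def logical_lines(text):
    """Drop comments and blank lines; join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if raw.startswith("#") or not raw.strip():
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit(text):
    """Return one dict per database section: suffix, rootdn and rootpw status."""
    dbs = []
    for line in logical_lines(text):
        parts = line.split(None, 1)
        key = parts[0].lower()
        val = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "database":
            dbs.append({"suffix": None, "rootdn": None, "rootpw": "absent"})
        elif dbs and key in ("suffix", "rootdn"):
            dbs[-1][key] = val
        elif dbs and key == "rootpw":
            # A {SCHEME} prefix marks a hashed value; {CLEARTEXT} or no prefix is plaintext.
            m = re.match(r"\{([A-Za-z0-9-]+)\}", val)
            hashed = bool(m) and m.group(1).upper() != "CLEARTEXT"
            dbs[-1]["rootpw"] = "hashed" if hashed else "cleartext"
    return dbs

if __name__ == "__main__":
    for db in audit(SAMPLE):
        print(db)
```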