[Date Prev][Date Next]
Re: Authenticating against slapd installed from package
Dennis Misc wrote:
> It seems that the binddn is listed on the database. Here is the
> output from the slapcat command:
I do hope that binddn is not rootdn, otherwise it would be a rather
Pardon my ignorance, what is the problem using the rootdn as binddn?
rootdn has full access to everything, you can't set acls to limit it's
scope. It's like logging onto your server as "root"; you can do
everything, but you could do anything. There is no protection against
acidentally deleteing your entire system.
So you want to use a different account that has limited scope,
especially if you are using a script to bind to the directory. Bugs in
scripts == potentially destroyed data.
Perfection is just a word I use occasionally with mustard.
DigiPen Institute of Technology