Re: root-only configuration

Peter Mogensen wrote:
> Howard Chu wrote:
>> Do it right, use SASL/EXTERNAL and use authz-regexp to map Unix
>> credentials to LDAP credentials.
>>
>> And don't mess around with "userPassword" when "rootpw" is what you need.
>
> Won't setting a rootpw allow anyone being able to guess it to connect on any socket (TCP/UNIX) that slapd is listening on and bind as cn=config?

Then just use SASL/EXTERNAL and don't use any passwords at all.

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
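
A slapd.conf sketch of the password-less setup recommended above, added here as an illustration and not taken from the original message. It assumes slapd is started with an ldapi:/// listener and that the administrator is local uid 0 / gid 0; the hash in the commented-out line is a placeholder.

```conf
# slapd.conf fragment (constructed example)

# Global section, before any "database" line.
# A local process that connects over ldapi:/// and binds with
# SASL/EXTERNAL is identified by its Unix peer credentials:
#   gidNumber=<gid>+uidNumber=<uid>,cn=peercred,cn=external,cn=auth
# Map exactly uid 0 / gid 0 to the config rootdn. [+] matches the
# literal '+' without any backslash escaping; ^ and $ anchor the
# match so no other identity can be rewritten to cn=config.
authz-regexp
    "^gidNumber=0[+]uidNumber=0,cn=peercred,cn=external,cn=auth$"
    "cn=config"

database config

# Weak variant raised in the thread: with a rootpw, anyone who can
# reach any listener (TCP or Unix socket) and guess the password can
# simple-bind as cn=config.
#rootpw {SSHA}PLACEHOLDER_HASH

# Hardened variant: no rootpw line at all. cn=config then has no
# password, so it cannot be reached by a simple bind on any
# listener; only the mapping above leads to it.

# Check as root on the server:
#   ldapwhoami -Y EXTERNAL -H ldapi:///
# Expected result: dn:cn=config
# The same command run as any other local user reports that user's
# own cn=peercred,cn=external,cn=auth identity, which has no rights
# on the config database unless an ACL grants them.
```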