[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Creating database, catch-22

Pierangelo Masarati writes:
>Peter Mogensen wrote:
>> PS: As you can probably see, all access goes through SASL EXTERNAL. UNIX 
>> root maps to cn=config via ldapi:///,

...plus authz-regexp, I assume

> remote access uses x509 certificates.
> Add an ACL (either global, if there aren't any in that database, or 
> local) that allows the identity you trust to write to that database.

Or (temporarily?) change rootdn for the HDB database to cn=config,
so root won't need a password for that rootdn over ldapi://.  Or use
authz-regexp to map your SASL/EXTERNAL identity to the database's
rootdn instead of to cn=config.