I think it should be possible to use an ACL to set up an RO (read only?) user from, for example a specific IP address, but you are always going to have to have at least one user that can r/w. As far as I'm aware, it's not possible to set cn=config into read only mode. (which is a good thing otherwise you'd be kind of stuck) Alister On 11 Feb 2011, at 18:26, Mailing Lists wrote: > Hello. > > I'm running a pair of openldap 2.4 servers which replicate cn=config DB in mirror mode. > Is there a way to configure a RO user (like user from BDB) for cn=config DB, so should someone get a hold of it's password, and still will not be able to change the configs ? > > Regards. -- Alister Forbes TACSUNS _.|._.|._ Cisco Systems Please avoid sending me Word or PowerPoint attachments. See - http://www.gnu.org/philosophy/no-word-attachments.html
Attachment:
PGP.sig
Description: This is a digitally signed message part