[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ppolicy not verifying password length (not active !!)

To: openldap-technical@openldap.org
Subject: Re: ppolicy not verifying password length (not active !!)
From: Terje Trane <terjet@funcom.com>
Date: Thu, 06 Mar 2014 11:26:37 +0100
In-reply-to: <A4F542D25A8F5D4BA49A8F3BAEC8F07E05769AE6@singan07.inga.pt>
References: <A4F542D25A8F5D4BA49A8F3BAEC8F07E05769631@singan07.inga.pt><CAK_oV4-Osaezsehq7nC_Q1q1XiC0wcfTQNhBu9W68zKtL_=y3g@mail.gmail.com><A4F542D25A8F5D4BA49A8F3BAEC8F07E05769692@singan07.inga.pt> <CAK_oV4_fDYQ82aJoqAkPq-dctTmGxn9OrX25WpUFdZGwp_RbfQ@mail.gmail.com>, <A4F542D25A8F5D4BA49A8F3BAEC8F07E057696F4@singan07.inga.pt> <3c56bedeedab855f4bb89d8624ec7a79@srv1.stroeder.com> <1394078761.97381.YahooMailNeo@web192205.mail.sg3.yahoo.com> <A4F542D25A8F5D4BA49A8F3BAEC8F07E05769AE6@singan07.inga.pt>
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0

On 06.03.2014 09:40, Rodrigo Coutinho wrote:

Still in shock though, that the root user can mess up the other usersdata.

This I find strange. "Root" or "the superuser" or whatever having fullaccess it the norm in many systems, like Unix, and is for "special use"by qualified personnel only.

My understanding at least is that the rootdn account, (don't confuse itwith the unix root account, we're talking about the special rootdnaccount with total control of the OpenLDAP server only), is there so youcan use it while setting up the system since there is no LDAP user touse, and no access rights to give, before you have created it.

Then, when you have set up the LDAP server database and a user withsufficient access right, you should disable the rootdn user.

But there are many guides out there in google-land (and maybe inopenldap.org too) that might confuse people. The rootdn account is aspecial "virtual" account. It doesn't even exist in the LDAP data tree(though you can duplicate it). Actually, I usually set its name to thesame as the suffix since I find that making it clearer that it is not areal user account than if you use the common rootdn"cn=Manager,dc=<MY-DOMAIN>,dc=<COM>".


---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com

References:
- ppolicy not verifying password length (not active !!)
  - From: Rodrigo Coutinho <Rodrigo.Coutinho@ifap.pt>
- Re: ppolicy not verifying password length (not active !!)
  - From: Clément OUDOT <clem.oudot@gmail.com>
- RE: ppolicy not verifying password length (not active !!)
  - From: Rodrigo Coutinho <Rodrigo.Coutinho@ifap.pt>
- Re: ppolicy not verifying password length (not active !!)
  - From: Clément OUDOT <clem.oudot@gmail.com>
- RE: ppolicy not verifying password length (not active !!)
  - From: Rodrigo Coutinho <Rodrigo.Coutinho@ifap.pt>
- Re: ppolicy not verifying password length (not active !!)
  - From: "Michael StrÃder" <michael@stroeder.com>
- Re: ppolicy not verifying password length (not active !!)
  - From: saurabh ohri <sam_ohri@yahoo.co.in>
- RE: ppolicy not verifying password length (not active !!)
  - From: Rodrigo Coutinho <Rodrigo.Coutinho@ifap.pt>

Prev by Date: Re: ppolicy not verifying password length (not active !!)
Next by Date: RE: ppolicy not verifying password length (not active !!)
Index(es):
- Chronological
- Thread