[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How do I allow root to edit mdb database?

To: openldap-technical@openldap.org
Subject: Re: How do I allow root to edit mdb database?
From: Dieter Klünter <dieter@dkluenter.de>
Date: Tue, 2 Aug 2016 11:15:32 +0200
In-reply-to: <b96fc521-78e1-7936-08a5-66b304e7f4d0@gmail.com>
Organization: AVCI
References: <b96fc521-78e1-7936-08a5-66b304e7f4d0@gmail.com>

Am Tue, 2 Aug 2016 00:37:58 -0400
schrieb John Lewis <oflameo2@gmail.com>:

> How do I allow root aka
> dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external to edit
> olcDatabase={1}mdb,cn=config. I am trying to configure ldapscripts
> <https://packages.debian.org/jessie/ldapscripts>, but the idea of
> having a password in the clear is just disturbing.

There is no password involved, if handled this correctly. The idea is
that posix account of root is bound to uid number 0 and group id number
0. While  data transport is done over ldapi (IPC) and a SASL EXTERNAL
Mechanism is called, ipc function provides permission information to the
operation. This permission id is mapped onto rootdn of cn=config.
[...]

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E

Follow-Ups:
- Re: How do I allow root to edit mdb database?
  - From: John Lewis <oflameo2@gmail.com>

References:
- How do I allow root to edit mdb database?
  - From: John Lewis <oflameo2@gmail.com>

Prev by Date: How do I allow root to edit mdb database?
Next by Date: Re: How do I allow root to edit mdb database?
Index(es):
- Chronological
- Thread