Re: How do I allow root to edit mdb database?
- To: openldap-technical@openldap.org
- Subject: Re: How do I allow root to edit mdb database?
- From: John Lewis <oflameo2@gmail.com>
- Date: Tue, 2 Aug 2016 07:15:16 -0400
- In-reply-to: <20160802111532.060a141e@pink.avci.de>
- References: <b96fc521-78e1-7936-08a5-66b304e7f4d0@gmail.com> <20160802111532.060a141e@pink.avci.de>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Icedove/45.1.0
On 08/02/2016 05:15 AM, Dieter Klünter wrote:
> On Tue, 2 Aug 2016 00:37:58 -0400,
> John Lewis <oflameo2@gmail.com> wrote:
>
>> How do I allow root aka
>> to edit
>> olcDatabase={1}mdb,cn=config. I am trying to configure ldapscripts
>> <https://packages.debian.org/jessie/ldapscripts>, but the idea of
>> having a password in the clear is just disturbing.
> There is no password involved, if this is handled correctly. The idea is
> that the posix account of root is bound to uid number 0 and group id number
> 0. While data transport is done over ldapi (IPC) and a SASL EXTERNAL
> mechanism is called, the ipc function provides permission information to the
> operation. This permission id is mapped onto the rootdn of cn=config.
> [...]
>
> -Dieter
>
If I wanted to map the permissions from
dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external to my
olcRootDN:, which I will call cn=Manager,dc=example,dc=com, which is the
olcRootDN: for dn: olcDatabase={1}mdb,cn=config, how would I do it?
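
An added illustration, not part of the original thread and not the project's own configuration: one common way to let local root work on the mdb database over ldapi without a stored password is to grant the peer-credential identity `manage` access in that database's ACL, rather than rewriting it to the rootdn. slapd reports the ldapi peer identity with a trailing `cn=auth` component; the file name in the comment is hypothetical, and the example assumes root can already modify cn=config over ldapi.

```ldif
# Added example. Apply as local root over the ldapi socket, e.g.:
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f root-manage.ldif
# (root-manage.ldif is a hypothetical file name.)
#
# The {0} prefix inserts the rule ahead of the existing olcAccess values,
# and "by * break" lets every other identity fall through to those rules,
# so access for other users is unchanged.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
```

Running `ldapwhoami -Y EXTERNAL -H ldapi:///` as root shows the identity slapd derives from the socket peer credentials, which must match the `dn.exact` value exactly. Because any process running as uid 0 and gid 0 on the host then has full control of the database, the ldapi socket's file permissions are part of the access control.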