[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: question about cn=config replication and security.

I think it should be possible to use an ACL to set up an RO (read only?) user from, for example a specific IP address, but you are always going to have to have at least one user that can r/w.

As far as I'm aware, it's not possible to set cn=config into read only mode.  (which is a good thing otherwise you'd be kind of stuck)


On 11 Feb 2011, at 18:26, Mailing Lists wrote:

> Hello.
> I'm running a pair of openldap 2.4 servers which replicate cn=config DB in mirror mode.
> Is there a way to configure a RO user (like user from BDB) for cn=config DB, so should someone get a hold of it's password, and still will not be able to change the configs ?
> Regards.

Alister Forbes  TACSUNS             _.|._.|._ Cisco Systems

Please avoid sending me Word or PowerPoint attachments. See -

Attachment: PGP.sig
Description: This is a digitally signed message part