Re: Admin user has two passwords

[Dan White <dwhite@olp.net>]

On 12/28/12 09:30 +0100, Wiebe Cazemier wrote:
> ----- Original Message -----
> > From: "Maarten Vanraes" <maarten.vanraes@gmail.com>
> > To: openldap-technical@openldap.org
> > Cc: "Wiebe Cazemier" <wiebe@halfgaar.net>
> > Sent: Tuesday, 25 December, 2012 1:08:46 AM
> > Subject: Re: Admin user has two passwords
> >
> > you could just have multiple userPassword values...
>
> That doesn't seem to be it. When I do:
>
>
> ldapsearch -D "cn=admin,dc=domain,dc=tld" -W -xLLL -H ldap://ldap.domain.tld/  uid userPassword
>
>
> It shows that admin has only one password:
>
>
> dn: cn=admin,dc=ytec,dc=nl
> userPassword:: [hash]=
>
>
> But about the root user. How does that relate to an admin user?

There is no admin user per se. There is an authentication identity that
you can specify in your configuration with rootdn/olcRootDN, along with
it's password, rootpw/OlcRootPW.

Creating the same DN within your DIT may confuse things, and it is not
necessary that it actually exist (unless you do not specify a rootpw).

See:

http://www.openldap.org/doc/admin24/access-control.html#Controlling%20rootdn%20access

and the slapd.conf/slapd-config man pages.

--
Dan White