
The RootDN

It's been 3 days since I first started reading and playing with OpenLDAP.  Prior to this, I have had no LDAP experience of any kind, so please bear with me.  (Hopefully this doesn't reach a new low... )

I am working on setting up my first LDAP server for a demo environment, and I can't seem to wrap my head around what a rootdn is.  I have read several articles, even much of the Zytrax book, and I still cannot figure out what this rootdn is.

I get that it is a user, so maybe better stated, I don't understand where the user exists.  Is it an OS user with filesystem privileges? Is it a user that exists in every DIT? If so, when/where is it used, can you have multiple, is it only usable/accessible when you "include" the core.schema, ...?

If I had to guess, I would say:
  - A rootdn exists in the DIT as a completely arbitrary user (absolutely no relation to the OS)
  - There can only be one rootdn per DIT
  - (Consequently) If a parent defines a rootdn, any referral cannot
  - The rootdn is used for some kind of system action (who knows what)

I know this is the "technical" forum, but I am more interested in the "why to's" and "reasons behind" than the "how to's".

Any clarity would be greatly appreciated.