[Date Prev][Date Next] [Chronological] [Thread] [Top]

root dn password: which one is the reference?


I have an ldap server with rootdn cn=admin,dc=domain,dc=tld and password set in cn=config (this is openldap 2.4.40 on debian squeeze)

I have also the ldap objet cn=admin,dc=domain,dc=tld in the database, with a *different* password

both password seem to authenticate. is this expected?

This used NOT to work (I don't remember but I think it was on an old version using slapd.conf). I have always considered the password defined in cn=config to be the last resort password, in case the database is corrupted. but when the database is active, I expect the password in the database to be the reference. Being able to regularly change the root dn password looks like a good thing to me.
Obviously I'm wrong :-)
Out of curiosity, when did this change, if ever?

TIA. with best regards,

Jephté Clain
Direction des Systèmes d'Information
et des Usages Numériques - 2IG
Tél. 0262 93 86 31
Fax. 0262 93 81 06