Jephte Clain wrote: > I have an ldap server with rootdn cn=admin,dc=domain,dc=tld and password set > in cn=config (this is openldap 2.4.40 on debian squeeze) > > I have also the ldap objet cn=admin,dc=domain,dc=tld in the database, with a > *different* password > > both password seem to authenticate. is this expected? IIRC it always worked like this. > Being able to regularly change the root dn password looks like a good thing > to me. If you want security then avoid using rootpw. There is no serious use-case where you have to bind as rootdn via remote LDAP. And for repairing defects locally use a authz-regexp for LDAPI access with SASL/EXTERNAL bind of user root. Ciao, Michael.
Description: S/MIME Cryptographic Signature