[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: root dn password: which one is the reference?

Jephte Clain wrote:
> I have an ldap server with rootdn cn=admin,dc=domain,dc=tld and password set
> in cn=config (this is openldap 2.4.40 on debian squeeze)
> I have also the ldap objet cn=admin,dc=domain,dc=tld in the database, with a
> *different* password
> both password seem to authenticate. is this expected?

IIRC it always worked like this.

> Being able to regularly change the root dn password looks like a good thing
> to me.

If you want security then avoid using rootpw.  There is no serious use-case
where you have to bind as rootdn via remote LDAP.  And for repairing defects
locally use a authz-regexp for LDAPI access with SASL/EXTERNAL bind of user root.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature