[Date Prev][Date Next]
Re: root dn password: which one is the reference?
thanks for the security advice.
I already have the "authz-regexp for LDAPI access with SASL/EXTERNAL
bind of user root" for local access.
I mainly use command line, but I kept the rootpw for when I'm lazy and
use the gui.
well, I guess one don't easily change for the better :-)
Fortunately, I'm rarely that lazy...
anyway, I'll follow your advice
Thanks again. see ya
2015-02-23 13:29 GMT+04:00 Michael Ströder <email@example.com>:
> Jephte Clain wrote:
>> I have an ldap server with rootdn cn=admin,dc=domain,dc=tld and password set
>> in cn=config (this is openldap 2.4.40 on debian squeeze)
>> I have also the ldap objet cn=admin,dc=domain,dc=tld in the database, with a
>> *different* password
>> both password seem to authenticate. is this expected?
> IIRC it always worked like this.
>> Being able to regularly change the root dn password looks like a good thing
>> to me.
> If you want security then avoid using rootpw. There is no serious use-case
> where you have to bind as rootdn via remote LDAP. And for repairing defects
> locally use a authz-regexp for LDAPI access with SASL/EXTERNAL bind of user root.
> Ciao, Michael.
Direction des Systèmes d'Information
et des Usages Numériques - 2IG
Tél. 0262 93 86 31
Fax. 0262 93 81 06