Re: using cn=config to retrieve DIT records
- To: Michael Ströder <michael@stroeder.com>
- Subject: Re: using cn=config to retrieve DIT records
- From: Igor Shmukler <igor.shmukler@gmail.com>
- Date: Mon, 2 Mar 2015 17:05:18 +0200
- Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
- In-reply-to: <54F43ACC.80107@stroeder.com>
- References: <CAA1SNA0T0Y2ax0W=1T3D+AETNgzktJr8O6a6H6sTyx0HVCg49A@mail.gmail.com> <54F43ACC.80107@stroeder.com>
Hello Michael,
Thank you for reading my email and replying to the thread.
I don't believe that you answered my question. I was probably unclear.
Sorry. I will rephrase, as I am still looking for information.
Is there a reason why I should not be able to, or just should not, do the below:
1. change my OpenLDAP server configuration so cn=config can be
successfully authenticated using a password.
2. retrieve records from non-config database[s] [over the network, for
example giving ldapsearch -D cn=config -W]
Sincerely,
Igor Shmukler
On Mon, Mar 2, 2015 at 12:26 PM, Michael Ströder <michael@stroeder.com> wrote:
> Igor Shmukler wrote:
>> I have a multi-tenant [multiple DITs] LDAP directory setup.
>> One of the things that I need to be able to do, is to retrieve records
>> from individual domain [DIT] -level databases using "superuser"
>> credentials.
>
> You should start to read about access control:
>
> slapd.access(5)
>
> http://www.openldap.org/doc/admin24/access-control.html
>
> http://www.openldap.org/faq/data/cache/189.html
>
> Don't claim to have a multi-tenant service before you have really understood all of
> the above.
>
> Ciao, Michael.
>