[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: using cn=config to retrieve DIT records

Hello Michael,

Thank you for reading my email and replying to the thread.

I don't believe that you answered my question. I was probably unclear.
Sorry. I will rephrase, as I am still looking for information.

Is there a reason why I should not be able to, or just should not, do the below:
1. change my OpenLDAP server configuration so cn=config can be
successfully authenticated using password.
2. retrieve records from non-config database[s] [over network, for
example giving ldapsearch -D cn=config -W]


Igor Shmukler

On Mon, Mar 2, 2015 at 12:26 PM, Michael Ströder <michael@stroeder.com> wrote:
> Igor Shmukler wrote:
>> I have a  multi-tenant [multiple DITs] LDAP directory setup.
>> One of things that I need to be able to do, is to retrieve records
>> from individual domain [DIT] -level databases using "superuser"
>> credentials.
> You should start to read about access control:
> slapd.access(5)
> http://www.openldap.org/doc/admin24/access-control.html
> http://www.openldap.org/faq/data/cache/189.html
> Don't claim to have a multi-tenant service before you really understood all of
> the above.
> Ciao, Michael.