On 16.09.2017 09:04, Michael Ströder wrote:
Daniel Pluta wrote:Call it strange, useless, insane, fine or whatever, but my customers (also anybody who's interested in using a distinct service) should be able to get a chance for a detailed view into the running configuration of each service - before and while using it. slapd's cn=config supports this, not perfectly but better than any other service I'm aware of. For further details see our paper from LDAPcon2011.I very well remember your interesting talk and that you give read access to olcRootDN to prove it's not set.
It was olcRootPw: to prove that it's not present and thus there is no slapd-BOFH (aka administrative man-in-the-middle).
I very well remember the shocked/laughing faces of (parts of) the audience right after I switched to the slide containing this at first surely suicidal seeming ACL.
Forget about it. It's sufficient to keep in mind that the future lies in cn=config. ;-)