Re: Olc deployment vs slapd.conf based deployment

[Dieter Klünter <dieter@dkluenter.de>]

Am Mon, 18 Sep 2017 10:12:23 -0400
schrieb Brian Reichert <reichert@numachi.com>:

> On Sat, Sep 16, 2017 at 04:24:36PM +0200, Daniel Pluta wrote:
> > On 16.09.2017 09:04, Michael Str??der wrote:  
> > >Daniel Pluta wrote:  
> > >>Call it strange, useless, insane, fine or whatever, but my
> > >>customers (also anybody who's interested in using a distinct
> > >>service) should be able to get a chance for a detailed view into
> > >>the running configuration of each service - before and while
> > >>using it. slapd's cn=config supports this, not perfectly but
> > >>better than any other service I'm aware of. For further details
> > >>see our paper from LDAPcon2011.  
> 
> I'm jumping in late here.  I'm curious about this talk.  I see a
> YouTube playlist of LDAPCon 2011 talkshere; which one should I look
> at for these details?

There is no video, but you may read the papers.
https://ldapcon.org/2011/downloads/plutahommelweinert-paper.pdf

[...]

>   https://www.youtube.com/playlist?list=PLXuMrj-t1hqGdOJvswPFvNtwZFHD5SODK
> 
> > >
> > >I very well remember your interesting talk and that you give read
> > >access to olcRootDN to prove it's not set.  
> > 
> > 
> > It was olcRootPw: to prove that it's not present and thus there is
> > no slapd-BOFH (aka administrative man-in-the-middle).
> > 
> > I very well remember the shocked/laughing faces of (parts of) the 
> > audience right after I switched to the slide containing this at
> > first surely suicidal seeming ACL.
> > 
> > Forget about it. It's sufficient to keep in mind that the future
> > lies in cn=config. ;-)

-Dieter


-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E