
Re: warning about rootdn privileges



--On Wednesday, June 20, 2018 12:22 PM -0400 Chris Hoogendyk <hoogendyk@bio.umass.edu> wrote:

When one's Google Foo fails, turn to an appropriate list.

I would like to get rid of these warnings (rootdn is always granted
unlimited privileges). First, it's annoying that our cron always spits
back an email. Second, one assumes that where there is a warning, there
might be something that should be done differently. I've tried searching,
but it seems this warning always comes up in conjunction with some other
error that someone is concerned about. This particular warning is always
ignored in the discussion of the error of concern as far as I have been
able to find.

    5b2472a5 /usr/local/etc/openldap/slapd.conf: line 170: rootdn is always granted unlimited privileges.

Hi Chris,

One of the lovely things about open source software is, well, that the source is open. A 2-second grep discovers that this message comes from "aclparse.c". I.e., the portion of the code responsible for parsing ACLs. Thus it would appear that you have ACLs referencing the rootdn (which as noted in slapd.access(5) is not subject to ACLs).

Hope that helps!

Warm regards,
Quanah



--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
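
As an added example (not part of the original thread and not OpenLDAP code), here is one way to locate the ACL clauses the reply describes: a heuristic scan of slapd.conf text for `by dn=` clauses that name the rootdn declared earlier in the same database section. The sample configuration, the function names and the simplified DN normalisation are assumptions for illustration.

```python
import re

# Constructed sample slapd.conf (not from the thread).
SAMPLE_CONF = '''\
database mdb
suffix "dc=example,dc=com"
rootdn "cn=admin,dc=example,dc=com"
# access to * by dn="cn=admin,dc=example,dc=com" write
access to attrs=userPassword
    by dn.exact="cn=Admin, dc=example,dc=com" write
    by self write
    by * auth
access to *
    by dn="cn=replicator,dc=example,dc=com" read
    by * read
'''

def logical_lines(text):
    """Yield (first_line_no, line): unwrap continuation lines, then drop comments."""
    merged = []
    for no, raw in enumerate(text.splitlines(), 1):
        if raw[:1] in (" ", "\t") and merged:
            merged[-1][1] += " " + raw.strip()   # leading whitespace = continuation
        else:
            merged.append([no, raw.rstrip()])
    for no, line in merged:
        if line.strip() and not line.lstrip().startswith("#"):
            yield no, line

def norm_dn(dn):
    """Rough DN normalisation (assumption): lower-case, no spaces around ',' or '='."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().strip('"').lower())

BY_DN = re.compile(r'\bby\s+dn(?:\.(?:exact|base))?=("[^"]*"|\S+)', re.I)  # heuristic

def rootdn_acl_hits(text):
    """Return [(line_no, dn_as_written)] for 'by dn=' clauses naming the rootdn."""
    rootdn, hits = None, []
    for no, line in logical_lines(text):
        words = line.split(None, 1)
        key = words[0].lower()
        if key in ("database", "backend"):
            rootdn = None                         # rootdn is set per database section
        elif key == "rootdn" and len(words) == 2:
            rootdn = norm_dn(words[1])
        elif key == "access" and rootdn:
            hits += [(no, m.group(1)) for m in BY_DN.finditer(line)
                     if norm_dn(m.group(1)) == rootdn]
    return hits
```

The reported line number is the first line of the `access` directive, which may differ from the line number slapd prints for a multi-line directive.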