--On Tuesday, May 29, 2012 5:49 PM +0000 michael(a)stroeder.com wrote:
hyc(a)symas.com wrote:
> Why should X user ever need to run this tool to generate a value?
From slappasswd(8):
DESCRIPTION
Slappasswd is used to generate an userPassword value suitable
for use with ldapmodify(1), slapd.conf(5) rootpw configuration
directive or the slapd-config(5) olcRootPW configuration directive.
Do you want to restrict this text regarding ldapmodify(1) only for the
cases that the slappasswd user has also write access to back-config?
The tool has allowed the ability to generate password values for years. It
is not uncommon to use it to do just that. I've often used it to generate
base-64 encoded SSHA values to push into LDIF I will be writing to the
server via ldapmodify. That should not require access to
cn=config/slapd.conf.
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration