--On Tuesday, May 29, 2012 5:49 PM +0000 michael@stroeder.com wrote:
hyc@symas.com wrote:
Why should X user ever need to run this tool to generate a value?
From slappasswd(8):
DESCRIPTION Slappasswd is used to generate an userPassword value suitable for use with ldapmodify(1), slapd.conf(5) rootpw configuration directive or the slapd-config(5) olcRootPW configuration directive.
Do you want to restrict this text regarding ldapmodify(1) only for the cases that the slappasswd user has also write access to back-config?
The tool has allowed the ability to generate password values for years. It is not uncommon to use it to do just that. I've often used it to generate base-64 encoded SSHA values to push into LDIF I will be writing to the server via ldapmodify. That should not require access to cn=config/slapd.conf.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
-
quanah@zimbra.com