Peter Mogensen wrote:
Howard Chu wrote:
> Do it right, use SASL/EXTERNAL and use authz-regexp to map Unix
> credentials to LDAP credentials.
> And don't mess around with "userPassword" when "rootpw" is
what you need.
won't setting a rootpw allow anyone being able to guess it to connect on
any socket (TCP/UNIX) that slapd is listening on an bind as cn=config?
Then just use SASL/EXTERNAL and don't use any passwords at all.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/