On Fri, Jun 15, 2007 at 04:31:48PM +0200, Hallvard B Furuseth wrote:
Andreas Hasenack writes:
I was just wondering if this is expected behaviour.
It's intended behaviour that rootdn can be the name of an entry and you can use that entry's password.
Agreed
When both an entry and rootpw exist, backends are currently inconsistent about which one is used. (Which backend are you using? I thought it happened just with the LDIF backend.)
BDB
I find this a bit unexpected. Suppose someone manages to create an entry matching rootdn. Then this person would be able to become rootdn, bypassing the rootpw setting in slapd.conf.
I'll note that as an argument for having rootpw override the entry's dn :-)
Yes, exactly my thought.
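The case discussed in this thread can be audited offline. The following is an added example, not code from the thread or from OpenLDAP: it reads a slapd.conf and an LDIF export and reports entries whose DN equals a configured rootdn and that carry userPassword, along with whether that database also sets rootpw. The sample config and LDIF are constructed, the function names are hypothetical, and the DN comparison is a simplified normalisation rather than slapd's own.

```python
import base64
import re

# Constructed sample inputs, not taken from the thread.
SLAPD_CONF = '''database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw {SSHA}constructedPlaceholder
'''
LDIF = '''dn: CN=manager, DC=Example,
 DC=com
userPassword: {SSHA}constructedPlaceholder

dn: cn=alice,dc=example,dc=com
userPassword: {SSHA}constructedPlaceholder
'''

def normalize_dn(dn):
    # Simplified: trim spaces around RDNs and '=', then lowercase everything.
    rdns = (r.partition('=') for r in re.split(r'(?<!\\),', dn))
    return ','.join(a.strip().lower() + '=' + v.strip().lower() for a, _, v in rdns)

def root_dns(conf_text):
    # Map each database's normalized rootdn to whether that database sets rootpw.
    dbs = []
    for line in conf_text.splitlines():
        words = line.split(None, 1)
        if len(words) < 2 or words[0].startswith('#'):
            continue
        key, arg = words[0].lower(), words[1].strip().strip('"')
        if key == 'database':
            dbs.append({})
        elif key in ('rootdn', 'rootpw') and dbs:
            dbs[-1][key] = arg
    return {normalize_dn(d['rootdn']): 'rootpw' in d for d in dbs if 'rootdn' in d}

def shadowing_entries(conf_text, ldif_text):
    # Return (entry DN, rootpw_is_set) for entries named like a rootdn with a password.
    roots, hits = root_dns(conf_text), []
    unfolded = re.sub(r'\n ', '', ldif_text).strip()  # undo LDIF line folding
    for block in re.split(r'\n\s*\n', unfolded):
        dn, attrs = None, set()
        for name, sep, rest in (l.partition(':') for l in block.splitlines()):
            if sep and name.lower() == 'dn':  # "dn::" means a base64-encoded DN
                dn = base64.b64decode(rest[1:].strip()).decode() if rest.startswith(':') else rest.strip()
            elif sep:
                attrs.add(name.lower())
        if dn and normalize_dn(dn) in roots and 'userpassword' in attrs:
            hits.append((dn, roots[normalize_dn(dn)]))
    return hits
```

A hit where the second field is True is the ambiguous case from the thread: both rootpw and an entry password exist for the same DN, and which one is honoured depends on the backend.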