Mike Malsman wrote:
> On 11.Mar.2009, at 9:32 AM, Peter Mogensen wrote:
>> But limiting cn=config access to ldapi:/// ... no luck.
>> Does someone have a working example of this?
>> /Peter
> What does your 'access' directive look like?
access to dn.exact="cn=config"
    by peername.path="/var/run/slapd/ldapi" auth
    by * none
I've used this method before in "normal" databases, to control who can become rootdn, but it just won't work for cn=config. Of course, I have to add a "userPassword" attribute to cn=config.ldif, but it seems to be ignored. I've also tried to create a cn=root,cn=config object, but I have a problem finding a schema which is loaded which allows me to set userPassword.
If people on this list hadn't said that it was possible, I would probably have concluded by now that it is simply not possible to limit rootdn access to cn=config to ldapi:///.
/Peter