Mike Malsman wrote:
> On 11.Mar.2009, at 9:32 AM, Peter Mogensen wrote:
>> But limiting cn=config access to ldapi:/// ... no luck.
>>
>> Does someone have a working example of this?
>>
>> /Peter
>
> What does your 'access' directive look like?

    access to dn.exact="cn=config"
        by peername.path="/var/run/slapd/ldapi" auth
        by * none

I've used this method before in "normal" databases, to control who can
become rootdn, but it just won't work for cn=config.
Of course, I have to add a "userPassword" attribute to cn=config.ldif,
but it seems to be ignored.
I've also tried to create a cn=root,cn=config object, but I have a
problem finding a schema which is loaded which allows me to set
userPassword.
If people on this list hadn't said that it was possible, I would
probably have concluded by now that it is simply not possible to limit
rootdn access to cn=config to ldapi:///.
/Peter