-----Original Message-----
From: thomaswilliampritchard@gmail.com
Sent: Wednesday, July 12, 2023 6:34 PM
To: openldap-technical@openldap.org
Subject: Rotating olcRootPW

I don't see the usefulness for a root password. Root = anonymous super user. Do you really want all your creatorsNames/modifiersNames to be rootdn? IMO: Better to use access control and give the right people the right access. Yes, in the real world, sometimes you need total circumvention. For that there is EXTERNAL IPC mode, to map the system root to rootdn per admin guide 15.2.4.2. I like to have that restricted to the host. Seems to me to be just right that way.
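
One way to set up the mapping this message describes, as an added example that is not part of the original post. The database DN `olcDatabase={1}mdb,cn=config` and the rootdn `cn=admin,dc=example,dc=com` are assumptions; substitute your own. It also assumes the local root user already has manage access to `cn=config` over `ldapi:///`.

```ldif
# Constructed example. Apply as system root on the LDAP host:
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f external-root.ldif
#
# ldapi:/// is a Unix domain socket, so the peer-credential identity
# below only exists for processes running on this host.

# 1. Map the IPC identity of uid 0 / gid 0 to the existing rootdn.
#    The match is a regular expression; "[+]" keeps the "+" of the
#    multi-valued RDN literal without backslash escaping.
dn: cn=config
changetype: modify
add: olcAuthzRegexp
olcAuthzRegexp: ^gidNumber=0[+]uidNumber=0,cn=peercred,cn=external,cn=auth$ cn=admin,dc=example,dc=com

# 2. Remove the shared root password so the rootdn can no longer be
#    reached with a simple bind. This step fails with noSuchAttribute
#    if olcRootPW is already absent.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
delete: olcRootPW

# Check the result before closing the session:
#   ldapwhoami -Y EXTERNAL -H ldapi:///
# should report dn:cn=admin,dc=example,dc=com when run as root.
```

Apply step 1 and confirm it with `ldapwhoami` before step 2, so a mistake in the mapping does not leave the database without a working administrative identity.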