Michael Hierweck wrote:
> On 07.11.2015 11:38, Michael Ströder wrote:
>> There is no such thing as a pseudo rootdn.
>> - Either you have rootdn directive set or not.
>>   Note: It is needed for some overlays.
>> - Either you have rootpw directive set or not.
>>
>> I always use slapd -h "ldapi://.." omit rootpw and have the following directive:
>>
>> authz-regexp "gidnumber=0\+uidnumber=0,cn=peercred,cn=external,cn=auth" "cn=root,dc=example,dc=com"
>>
>> Then user root can always locally authenticate without a password like this:
>>
>> ldapwhoami -H ldapi:// -Y EXTERNAL
>
> Thank you. How do you prevent remote logins as cn=root,dc=example,dc=com in that setup?

You cannot remotely authenticate as rootdn without rootpw directive.
Ciao, Michael.