On 08/02/2016 05:15 AM, Dieter Klünter wrote:
Am Tue, 2 Aug 2016 00:37:58 -0400 schrieb John Lewis oflameo2@gmail.com:
How do I allow root aka to edit olcDatabase={1}mdb,cn=config. I am trying to configure ldapscripts https://packages.debian.org/jessie/ldapscripts, but the idea of having a password in the clear is just disturbing.
There is no password involved, if handled this correctly. The idea is that posix account of root is bound to uid number 0 and group id number 0. While data transport is done over ldapi (IPC) and a SASL EXTERNAL Mechanism is called, ipc function provides permission information to the operation. This permission id is mapped onto rootdn of cn=config. [...]
-Dieter
If I wanted to map the permissions from dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external to my olcRootDN: which I will call cn=Manager,dc=example,dc=com which is the olcRootDN: for dn: olcDatabase={1}mdb,cn=config, how would I do it?