I think it should be possible to use an ACL to set up an RO (read only?) user from, for example a specific IP address, but you are always going to have to have at least one user that can r/w.
As far as I'm aware, it's not possible to set cn=config into read only mode. (which is a good thing otherwise you'd be kind of stuck)
Alister
On 11 Feb 2011, at 18:26, Mailing Lists wrote:
Hello.
I'm running a pair of openldap 2.4 servers which replicate cn=config DB in mirror mode. Is there a way to configure a RO user (like user from BDB) for cn=config DB, so should someone get a hold of it's password, and still will not be able to change the configs ?
Regards.
-- Alister Forbes TACSUNS _.|._.|._ Cisco Systems
Please avoid sending me Word or PowerPoint attachments. See - http://www.gnu.org/philosophy/no-word-attachments.html