Am Mon, 18 Sep 2017 10:12:23 -0400 schrieb Brian Reichert reichert@numachi.com:
On Sat, Sep 16, 2017 at 04:24:36PM +0200, Daniel Pluta wrote:
On 16.09.2017 09:04, Michael Str??der wrote:
Daniel Pluta wrote:
Call it strange, useless, insane, fine or whatever, but my customers (also anybody who's interested in using a distinct service) should be able to get a chance for a detailed view into the running configuration of each service - before and while using it. slapd's cn=config supports this, not perfectly but better than any other service I'm aware of. For further details see our paper from LDAPcon2011.
I'm jumping in late here. I'm curious about this talk. I see a YouTube playlist of LDAPCon 2011 talkshere; which one should I look at for these details?
There is no video, but you may read the papers. https://ldapcon.org/2011/downloads/plutahommelweinert-paper.pdf
[...]
https://www.youtube.com/playlist?list=PLXuMrj-t1hqGdOJvswPFvNtwZFHD5SODK
I very well remember your interesting talk and that you give read access to olcRootDN to prove it's not set.
It was olcRootPw: to prove that it's not present and thus there is no slapd-BOFH (aka administrative man-in-the-middle).
I very well remember the shocked/laughing faces of (parts of) the audience right after I switched to the slide containing this at first surely suicidal seeming ACL.
Forget about it. It's sufficient to keep in mind that the future lies in cn=config. ;-)
-Dieter