Jephte Clain wrote:
I have an LDAP server with rootdn cn=admin,dc=domain,dc=tld and password set in cn=config (this is OpenLDAP 2.4.40 on Debian squeeze).
I also have the LDAP object cn=admin,dc=domain,dc=tld in the database, with a *different* password.
Both passwords seem to authenticate. Is this expected?
IIRC it always worked like this.
Being able to regularly change the root dn password looks like a good thing to me.
If you want security then avoid using rootpw. There is no serious use-case where you have to bind as rootdn via remote LDAP. And for repairing defects locally, use an authz-regexp for LDAPI access with SASL/EXTERNAL bind of user root.
Ciao, Michael.
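
An added example (not part of the original message) of the setup suggested above: map local root's SASL/EXTERNAL identity on ldapi:// to the rootdn, then drop rootpw. The database DN `olcDatabase={1}hdb,cn=config` is an assumption to be replaced with the real one, and it is assumed that slapd listens on ldapi:/// and that local root may already write to cn=config.

```ldif
# Apply as local root over the UNIX socket (no password involved):
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f rootdn-ldapi.ldif
# (the file name is hypothetical)

# 1. Map the peer credentials of uid 0 / gid 0 on ldapi:// to the rootdn
#    from the thread. The "+" is escaped because the left-hand side is a
#    regular expression.
dn: cn=config
changetype: modify
add: olcAuthzRegexp
olcAuthzRegexp: ^gidNumber=0\+uidNumber=0,cn=peercred,cn=external,cn=auth$ cn=admin,dc=domain,dc=tld

# 2. Check the mapping before going further:
#      ldapwhoami -Y EXTERNAL -H ldapi:///
#    It should report the rootdn, cn=admin,dc=domain,dc=tld.

# 3. Remove the rootpw so the rootdn has no password stored in cn=config.
#    ASSUMPTION: the database entry is olcDatabase={1}hdb,cn=config; look it
#    up with
#      ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcRootDN
dn: olcDatabase={1}hdb,cn=config
changetype: modify
delete: olcRootPW
```

The entry cn=admin,dc=domain,dc=tld in the database still carries its own userPassword, which the question above reports as authenticating too, so it needs separate handling if no password bind for that DN is wanted.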