2011/4/21 Jose Ildefonso Camargo Tolosa ildefonso.camargo@gmail.com: [...]
Or use the ldapi:// URI, with "EXTERNAL" SASL mechanism, and correct ACL.
Ok.... can you elaborate? If you can do this, I feel that this is almost a security problem (where you can bypass LDAP authentication by using an external auth that was not previously configured on the directory).
On my Debian server, the default openldap installation has only this ACL defined for cn=config:

    olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage break

And I can access it by connecting as root *on the same server*, and using ldap* tools like this:

    ldapsearch -H "ldapi:///" -Y EXTERNAL -b "cn=config"
This is to be used at the very start of the installation. I use it to create a user, and add an ACL with this user to allow me to access the directory from outside (and have some graphical tool if they can make admin tasks easier).
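
The following is an added example, not part of the original thread. It shows why the ldapi:// EXTERNAL identity cannot be claimed by the client: on Linux the server reads the peer's uid and gid from the kernel (SO_PEERCRED) and builds the DN that the ACL quoted above matches. The function names are hypothetical, a socketpair stands in for slapd's ldapi socket, and the DN comparison is a simplified form of dn.exact.

```python
import socket
import struct

# ACL subject copied from the olcAccess line quoted in the message above.
CONFIG_MANAGER_DN = "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"


def peercred_dn(uid: int, gid: int) -> str:
    """Build the DN form used for an ldapi:// EXTERNAL bind (as seen in the ACL)."""
    return f"gidNumber={gid}+uidNumber={uid},cn=peercred,cn=external,cn=auth"


def peer_identity(conn: socket.socket) -> tuple:
    """Ask the kernel (Linux SO_PEERCRED) who is on the other end of a Unix socket.

    The credentials are recorded by the kernel when the socket is set up;
    the client sends nothing and cannot choose them.
    """
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize("3i"))
    pid, uid, gid = struct.unpack("3i", raw)
    return pid, uid, gid


def may_manage_config(dn: str) -> bool:
    """Simplified dn.exact check: only the exact peercred DN of root matches."""
    return dn.lower() == CONFIG_MANAGER_DN.lower()


def demo() -> tuple:
    # Assumption: a socketpair stands in for a client connected to the ldapi socket.
    server_side, client_side = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        _pid, uid, gid = peer_identity(server_side)
    finally:
        server_side.close()
        client_side.close()
    dn = peercred_dn(uid, gid)
    return dn, may_manage_config(dn)


if __name__ == "__main__":
    dn, allowed = demo()
    print(f"authenticated as: {dn}")
    print(f"matches the cn=config ACL: {allowed}")
```

Run as an unprivileged user, the DN carries that user's uid and gid and does not match the ACL; only a local process running as uid 0 and gid 0 does.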