On 16.09.2017 09:04, Michael Ströder wrote:
> Daniel Pluta wrote:
>> Call it strange, useless, insane, fine or whatever, but my customers (also anybody who's interested in using a distinct service) should be able to get a chance for a detailed view into the running configuration of each service - before and while using it. slapd's cn=config supports this, not perfectly but better than any other service I'm aware of. For further details see our paper from LDAPcon2011.
> I very well remember your interesting talk and that you give read access to olcRootDN to prove it's not set.
It was olcRootPw: to prove that it's not present and thus there is no slapd-BOFH (aka administrative man-in-the-middle).
I very well remember the shocked/laughing faces of (parts of) the audience right after I switched to the slide containing this, at first, surely suicidal-seeming ACL.
Forget about it. It's sufficient to keep in mind that the future lies in cn=config. ;-)