Hello Michael,
Thank you for reading my email and replying to the thread.
I don't believe that you answered my question. I was probably unclear. Sorry. I will rephrase, as I am still looking for information.
Is there a reason why I should not be able to, or just should not, do the below: 1. change my OpenLDAP server configuration so cn=config can be successfully authenticated using password. 2. retrieve records from non-config database[s] [over network, for example giving ldapsearch -D cn=config -W]
Sincerely,
Igor Shmukler
On Mon, Mar 2, 2015 at 12:26 PM, Michael Ströder michael@stroeder.com wrote:
Igor Shmukler wrote:
I have a multi-tenant [multiple DITs] LDAP directory setup. One of things that I need to be able to do, is to retrieve records from individual domain [DIT] -level databases using "superuser" credentials.
You should start to read about access control:
slapd.access(5)
http://www.openldap.org/doc/admin24/access-control.html
http://www.openldap.org/faq/data/cache/189.html
Don't claim to have a multi-tenant service before you really understood all of the above.
Ciao, Michael.