hello,
I have an ldap server with rootdn cn=admin,dc=domain,dc=tld and password set in cn=config (this is openldap 2.4.40 on debian squeeze)
I have also the ldap objet cn=admin,dc=domain,dc=tld in the database, with a *different* password
both password seem to authenticate. is this expected?
This used NOT to work (I don't remember but I think it was on an old version using slapd.conf). I have always considered the password defined in cn=config to be the last resort password, in case the database is corrupted. but when the database is active, I expect the password in the database to be the reference. Being able to regularly change the root dn password looks like a good thing to me. Obviously I'm wrong :-) Out of curiosity, when did this change, if ever?
TIA. with best regards,