Are there any ACLs that control what cn=directory manager,cn=config can modify or is it a LDAP superuser sort-of account? I only ask because I want to blow away my ACLs (olcAccess attributes in olcDatabase={2}bdb) and re-add updated ones them (I know it sounds silly, but I have valid reasons for doing this) and I want to make sure that I can still make these modifications as this directory manager even if I have no ACLs. Thanks,
Andy Carlson Moody Bible Institute Identity Administrator | Information Systems 312-329-4385 www.moody.eduhttp://www.moody.edu
On Wednesday, 1 February 2012 21:52:56 Andy Carlson wrote:
Are there any ACLs that control what cn=directory manager,cn=config can modify or is it a LDAP superuser sort-of account? I only ask because I want to blow away my ACLs (olcAccess attributes in olcDatabase={2}bdb) and re-add updated ones them (I know it sounds silly, but I have valid reasons for doing this) and I want to make sure that I can still make these modifications as this directory manager even if I have no ACLs. Thanks,
The DN that is rootdn of cn=config, will always be able to modify everything under cn=config, regardless of ACLs.
Regards, Buchan
openldap-technical@openldap.org
-
Andy Carlson -
Buchan Milne