Hello Ulrich,
I do not doubt that you are right, yet what to understand. Why would be rootdn necessary to fix ACLs when we have the config database without RootDN and therefore that one is cannot be messed up by applying a filter to the RootDN?
Not that I doubt wisdom of the design decisions.
For my goal, I am going to use olcHidden to achieve what I need instead. If I cannot properly suspend a DIT, I get close to desired results by hiding the database.
Sincerely,
Igor Shmukler
On Fri, Apr 17, 2015 at 8:15 AM, Ulrich Windl Ulrich.Windl@rz.uni-regensburg.de wrote:
Quanah Gibson-Mount quanah@zimbra.com schrieb am 16.04.2015 um 20:38 in
Nachricht <C40A1A2544EECEE4E75EA494@[192.168.1.9]>: [...]
From the slapd.access(5) man page:
Be warned: the rootdn can always read and write EVERYTHING!...and that is very helpful if you messed up your ACLs...
[...]
Regards, Ulrich
openldap-technical@openldap.org
-
Igor Shmukler