Hi,
While looking at what Debian generates in their cn=config for Debian Jessie, I found the following ACL on the frontend database:
dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
olcAccess: {1}to dn.exact="" by * read
olcAccess: {2}to dn.base="cn=Subschema" by * read
olcSizeLimit: 500
I somehow fail to grasp the relevance of granting manage access to the frontend database.
Is it just me or is this ACL just mindless pasting?
Apart from that, Debian Jessie is now on OpenLDAP 2.4.40, though still built against GnuTLS.
Greetings Christian
Hi
On 01.12.2014 at 12:00, Christian Kratzer wrote:
> I somehow fail to grasp the relevance of granting manage access to the frontend database.
man slapd-config - search for olcDatabase and find this:
'olcDatabase entries store settings specific to a single instance. These entries may have olcOverlay child entries corresponding to any overlays configured on the database. The olcDatabase and olcOverlay entries may also have miscellaneous child entries for settings as needed. There are two special database entries that are predefined - one is an entry for the config database itself, and the other is for the "frontend" database. Settings in the frontend are inherited by the other databases, unless they are overridden in a specific database.'
hth
openldap-technical@openldap.org
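
Added example, not part of either message or of OpenLDAP itself: a small audit script for a cn=config LDIF export that shows, per database, the access rules it ends up with once the frontend rules are inherited, and which identities are granted manage. It assumes the evaluation order described in the OpenLDAP Admin Guide (a database's own rules first, then the frontend's global rules); the mdb entry in the sample is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: the frontend ACLs quoted in the thread plus a hypothetical
# mdb database (its suffix and rule are made up for illustration).
SAMPLE_LDIF = """\
dn: olcDatabase={-1}frontend,cn=config
olcDatabase: {-1}frontend
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth manage by * break
olcAccess: {1}to dn.exact="" by * read
olcAccess: {2}to dn.base="cn=Subschema" by * read

dn: olcDatabase={1}mdb,cn=config
olcDatabase: {1}mdb
olcSuffix: dc=example,dc=org
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
"""

def parse_ldif(text):
    """Return {dn: {attr: [values]}}. Handles line folding, not base64 values."""
    entries = {}
    for block in re.split(r"\n\s*\n", text.replace("\n ", "").strip()):
        attrs = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                key, _, value = line.partition(":")
                attrs.setdefault(key, []).append(value.strip())
        if "dn" in attrs:
            entries[attrs["dn"][0]] = attrs
    return entries

def ordered_acls(attrs):
    """olcAccess values sorted by their {n} prefix (assumed present), prefix removed."""
    pairs = [re.match(r"\{(\d+)\}(.*)", v).groups() for v in attrs.get("olcAccess", [])]
    return [rule for _, rule in sorted((int(n), rule) for n, rule in pairs)]

def effective_acls(entries):
    """Per database: its own rules, then the frontend rules (assumed order, see lead-in)."""
    dbs = {dn: a for dn, a in entries.items() if "olcDatabase" in a}
    front = next(a for a in dbs.values() if a["olcDatabase"][0].endswith("frontend"))
    return {dn: ordered_acls(a) + ([] if a is front else ordered_acls(front))
            for dn, a in dbs.items()}

def manage_grants(rules):
    """(position, who) for each 'by <who> manage' clause; reachability is not evaluated."""
    return [(i, who) for i, r in enumerate(rules)
            for who in re.findall(r"\bby\s+(\S+)\s+manage\b", r)]

if __name__ == "__main__":
    for dn, rules in effective_acls(parse_ldif(SAMPLE_LDIF)).items():
        print(dn, manage_grants(rules))
```

The script only lists rule order and manage clauses; whether an earlier database rule stops evaluation before the inherited rule is reached still has to be checked by hand or with slapacl.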