Hello.
I'm running a pair of openldap 2.4 servers which replicate cn=config DB in mirror mode. Is there a way to configure a RO user (like user from BDB) for cn=config DB, so should someone get a hold of its password, they still will not be able to change the configs?
Regards.
On 11/02/2011 18:26, Mailing Lists wrote:
> Hello.
> I'm running a pair of openldap 2.4 servers which replicate cn=config DB in mirror mode. Is there a way to configure a RO user (like user from BDB) for cn=config DB, so should someone get a hold of its password, they still will not be able to change the configs?
Hi,
I'm not entirely sure I've understood your question, but you can write ACLs to allow any user (using any DN, thus including a DN from a BDB database) access to the cn=config subtree.
Jonathan
I think it should be possible to use an ACL to set up an RO (read only?) user from, for example, a specific IP address, but you are always going to have to have at least one user that can r/w.
As far as I'm aware, it's not possible to set cn=config into read only mode (which is a good thing, otherwise you'd be kind of stuck).
Alister
On 11 Feb 2011, at 18:26, Mailing Lists wrote:
> Hello.
> I'm running a pair of openldap 2.4 servers which replicate cn=config DB in mirror mode. Is there a way to configure a RO user (like user from BDB) for cn=config DB, so should someone get a hold of its password, they still will not be able to change the configs?
> Regards.
-- Alister Forbes TACSUNS _.|._.|._ Cisco Systems
Please avoid sending me Word or PowerPoint attachments. See - http://www.gnu.org/philosophy/no-word-attachments.html
openldap-technical@openldap.org
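The ACL approach suggested in the replies above, written out as an added example that is not from any poster in this thread. The reader DN (cn=config-reader,dc=example,dc=com) and the source address 192.0.2.10 are assumptions; substitute your own values and apply the LDIF with ldapmodify while bound as the cn=config rootdn.

```ldif
# Added example: read-only access to cn=config for one DN that lives in
# a regular (BDB) database, optionally tied to a source IP address.
#
# Assumed values (not from the thread):
#   cn=config-reader,dc=example,dc=com   the read-only account
#   192.0.2.10                           the only address it may bind from
#
# Rule {0}: keep the reader away from the attributes that hold secrets.
#   olcRootPW   carries the rootdn password (hash) of each database
#   olcSyncrepl carries the replication bind credentials
#   Without this rule a stolen read-only password would expose them.
# Rule {1}: grant read on everything else, but only from the given
#   address. No write level is granted anywhere, so this DN cannot
#   change the configuration.
# "by * break" hands every other identity on to the ACLs that already
#   exist (for example the ones used by the mirror-mode replication
#   DN) instead of cutting them off.
# The rootdn of cn=config is not subject to ACLs and keeps read/write.
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=olcRootPW,olcSyncrepl
  by dn.exact="cn=config-reader,dc=example,dc=com" none
  by * break
olcAccess: {1}to *
  by dn.exact="cn=config-reader,dc=example,dc=com" peername.ip=192.0.2.10 read
  by * break
```

Because cn=config is replicated in mirror mode, the change made on one server is carried to the other. Binding as the reader and attempting an ldapmodify against cn=config should then fail with "Insufficient access".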