slapd with cn=config - some suggestions
Andreas Hasenack
andreas at canonical.com
Tue Aug 26 12:51:06 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mathias Gug wrote:
> Using slapadd is only safe when the slapd daemon is not running. This
> use case is only found when the slapd package is being upgraded. So
> supporting schema addition while slapd is running (via ldapadd) is
> important. As for authentication, prompting for the administrator
> credentials (dn & password) is the best option IMO.
What about using ldapi:// + sasl external and mapping that to the root or admin dn?
Something like:
authz-regexp "gidNumber=0\\\+uidNumber=0,cn=peercred,cn=external,cn=auth"
"uid=Account Admin,ou=System Accounts, at SUFFIX@"
Just a thought.
- --
Andreas Hasenack
andreas at canonical.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFIs/w6eEJZs/PdwpARAiCJAKCjHUY0rF00zNArXoJG5MEERwWiOgCfXRcb
RoSTSL3Y28Kc7S/Ki3VMbcw=
=bBJl
-----END PGP SIGNATURE-----
More information about the ubuntu-server
mailing list