[Pkg-openldap-devel] Dropping the creation of a minimal database+DIT when the slapd package is installed
Mathias Gug
mathiaz at ubuntu.com
Tue Aug 11 19:02:51 UTC 2009
Hi,
While working on the cn=config migration I was planning to remove all
the code that deals with creating a default database and a minimal DIT.
My proposal is to configure slapd with cn=config and olcAuthzRegexp
mapping [1] of the local root user (uid 0) to cn=localroot,cn=config.
The cn=config backend definition would grant manage access to
cn=localroot, cn=config [2]. Another side effect is that the admin
password would not be needed anymore.
[1]: olcAuthzRegexp: gidNumber=[[:digit:]]+\+uidNumber=0,cn=peercred,cn=external,cn=auth cn=localroot,cn=config
[2]: olcAccess: to * by dn.exact=cn=localroot,cn=config manage by * break
What do you think about it?
--
Mathias Gug
Ubuntu Developer http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/attachments/20090811/c9e626b0/attachment.pgp>
More information about the Pkg-openldap-devel
mailing list