On 14/07/2025 18:02, CoreyLee Hassell via FreeIPA-users wrote:
> The main reason for choosing long, enormous passwords is that the Directory Manager password can be used remotely, and I have not yet figured out if I can protect it in other ways other than firewalling LDAP(S) connections.

You can lock this down with the "RootDN Access Control" plugin so that the root DN can only authenticate if connecting from ::1 and 127.0.0.1.

https://docs.redhat.com/en/documentation/red_hat_directory_server/12/html/securing_red_hat_directory_server/assembly_setting-access-control-on-the-directory-manager-account_securing-rhds

--
Sam Morris <https://robots.org.uk/>
PGP: rsa4096/CAAA AA1A CA69 A83A 892B  1855 D20B 4202 5CDA 27B9
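
Added example (not part of the original message, and not FreeIPA or 389 Directory Server project code): a small Python check that reads the RootDN Access Control plugin entry and reports whether the root DN is limited to loopback, as the reply above describes. The attribute names are those used by the 389 Directory Server plugin; the LDIF is constructed sample data and the function names are hypothetical. It checks only the enabled flag and the `rootdn-allow-ip` values.

```python
import ipaddress

# Constructed sample: the plugin entry as an LDAP search would return it
# once the root DN is limited to loopback. Not taken from a real server.
SAMPLE_LDIF = """\
dn: cn=RootDN Access Control,cn=plugins,cn=config
cn: RootDN Access Control
nsslapd-pluginEnabled: on
rootdn-allow-ip: 127.0.0.1
rootdn-allow-ip: ::1
"""


def parse_entry(ldif):
    """Collect attribute values (names lower-cased) from one unfolded LDIF entry."""
    attrs = {}
    for line in ldif.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if sep:
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs


def is_loopback(value):
    """True only for a literal loopback address; wildcards such as 127.* fail."""
    try:
        return ipaddress.ip_address(value).is_loopback
    except ValueError:
        return False


def audit_rootdn_plugin(ldif):
    """Return a list of findings; an empty list means loopback-only root DN binds."""
    attrs = parse_entry(ldif)
    findings = []
    enabled = [v.lower() for v in attrs.get("nsslapd-pluginenabled", [])]
    if enabled != ["on"]:
        findings.append("plugin is not enabled")
    allowed = attrs.get("rootdn-allow-ip", [])
    if not allowed:
        findings.append("no rootdn-allow-ip values: source address is not restricted")
    for ip in allowed:
        if not is_loopback(ip):
            findings.append(f"rootdn-allow-ip permits non-loopback value {ip}")
    return findings


if __name__ == "__main__":
    print(audit_rootdn_plugin(SAMPLE_LDIF) or "root DN restricted to loopback")
```

Feed it the output of a search for the plugin entry under `cn=plugins,cn=config`; any finding means the Directory Manager account can still bind from somewhere other than the local host.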
