On 07.11.2015 11:38, Michael Ströder wrote:
>
> There is no such thing as a pseudo rootdn.
>
> 1. Either you have rootdn directive set or not.
> Note: It is needed for some overlays.
>
> 2. Either you have rootpw directive set or not.
>
> I always use slapd -h "ldapi://.." omit rootpw and have the following
> directive:
>
> authz-regexp
>   "gidnumber=0\\+uidnumber=0,cn=peercred,cn=external,cn=auth"
>   "cn=root,dc=example,dc=com"
>
> Then user root can always locally authenticate without a password like this:
>
> ldapwhoami -H ldapi:// -Y EXTERNAL

Thank you. How do you prevent remote logins as cn=root,dc=example,dc=com in that setup?

Michael
