Salutations, OpenLDAP-Technical,
I am thinking of rootDN and how I'm not a big fan of it. You don't need
rootDN to configure OpenLDAP (assuming you first load OLC with slapadd).
You don't need it to configure OLC if you've set up access to it for
admin accounts. It ends up being one shared password that rules
everything. Would it not be best to always give elevated access to
specific accounts? Yes, I understand that without privileged admin access in
the first place it's a chicken-or-egg situation to give access to admins,
but that can be solved with slapadd or slaptest to generate the initial
configuration from a text file.
And in some extreme cases, it's best to not evaluate access at all. This
is the only reason I can think of for rootDN.
It seems that syncrepl depends on it though, because when I try to
configure a server without rootdn or rootpw and set up syncrepl, I get:
Other (e.g., implementation specific) error (80)
additional info: rootDN must be defined before syncrepl may be used.
What do people think about the need, utility, and implications of having a
password-based root account?
And why would rootDN need to be defined for syncrepl to work?
Many thanks,
--
Chris Paul
Rex Consulting, Inc
https://www.rexconsulting.net
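As an added example (not from the post or the OpenLDAP project), here is a fragment of an OLC file, of the kind loaded with slapadd, that follows the approach described above: olcRootDN is declared so the syncrepl error is avoided, but no olcRootPW is set, so nothing can bind as that DN with a password; manage rights go to a named admin group (and to the local root socket for cn=config), and the consumer binds to the provider as a dedicated replication account. The DNs, host name, database directory and the placeholder credential are assumed values; the cn=config and schema entries that precede these in a full file are not shown.

```ldif
# Config database: manage rights for the local root socket (ldapi:// with
# SASL EXTERNAL) and a named admin, instead of a shared olcRootPW.
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to *
  by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
  by dn.exact="cn=admin,ou=people,dc=example,dc=com" manage
  by * none

# Data database: olcRootDN is declared because syncrepl requires it, but no
# olcRootPW is set, so there is no password that binds as it. (Assumed DNs.)
dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcSuffix: dc=example,dc=com
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=Manager,dc=example,dc=com
# Admin group administers the data; the replication account only needs read.
olcAccess: {0}to *
  by group.exact="cn=ldapadmins,ou=groups,dc=example,dc=com" manage
  by dn.exact="cn=replicator,ou=services,dc=example,dc=com" read
  by * break
olcAccess: {1}to attrs=userPassword
  by self write
  by anonymous auth
  by * none
olcAccess: {2}to *
  by self write
  by users read
  by * none
# Consumer side: bind to the provider as the replication account, not rootDN.
olcSyncrepl: rid=001
  provider=ldap://provider.example.com
  type=refreshAndPersist
  retry="60 +"
  searchbase="dc=example,dc=com"
  bindmethod=simple
  binddn="cn=replicator,ou=services,dc=example,dc=com"
  credentials=REPLACE-WITH-REPLICATOR-SECRET
  starttls=critical
```

Lines beginning with a space are LDIF continuations, so each olcAccess and olcSyncrepl value is one attribute value; load the file with slapadd -n 0 -F <slapd.d> -l <file> before the first start of slapd.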