lists.arthurdejong.org
RSS feed

Re: option for administrator DN?

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: option for administrator DN?



On Fri, 5 Feb 2010, Jan Schampera wrote:
> I'd say "AdminDN" is misleading at all, because one might think of the 
> directory admin DN. Regardless of slapd.conf's naming.
>
> "RootDN" as in "use this DN when we are root" is better, yes.

The problem is that this is only used for password modification, e.g.
not for NSS lookups as the root user (like the rootbinddn option in
nss_ldap). Perhaps something more descriptive like rootchangepassworddn
would be an option (it is a bit long though).

I expect that this is the only place where write access to the LDAP
server is needed. Perhaps at some point it may be needed to update
session information though (the nssov overlay in slapd does this).

-- 
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org/ --

--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users