On Thursday 16 February 2006 19:00, Howard Chu wrote: > Ralf Haferkamp wrote: > > On Thursday 16 February 2006 16:41, Pierangelo Masarati wrote: > >>> Ralf Haferkamp wrote: > >>>> Hi, > >>>> > >>>> I just recognized that current slapd advertises the > >>>> config-context in root-dse, even if back-config is not used > >>>> (e.g. no config directory exists). To me it seems useful to hide > >>>> the > >>>> "configContext" Attribute in such cases and deny searches below > >>>> cn=config with "no such object". > >>> > >>> No. The cn=config tree is always present; just that any changes > >>> made when no backing directory exists will not persist. > >> > >> but if no "database config" directive is present, it's not > >> accessible. I think this is what Ralf meant. > > > > Yes. It's just confusing that you see "configContext" in the > > Root-DSE but can't access it in any way. > > I don't consider this a condition worth testing for. You could have a > sasl-regexp that maps some other identity to the cn=config DN. Btw, while we are at it. For easy bootstrapping of back-config we could add an implicit sasl-regexp that maps "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" to "cn=config". This would allow root to configure slapd through ldapi. I just played around a little with this and it seems to work with some additional tweaks in bconfig.c.
-- Ralf Haferkamp SUSE LINUX Products GmbH, Maxfeldstrasse 5, D-90409 Nuernberg T: +49-911-74053-0 F: +49-911-74053575 - [EMAIL PROTECTED]
