On Fri, Jun 15, 2007 at 04:31:48PM +0200, Hallvard B Furuseth wrote: > Andreas Hasenack writes: > > I was just wondering if this is expected behaviour. > > It's intended behavour that rootdn can be the name of an entry and you > can use that entry's password.
Agreed > When both an entry and rootpw exist, backends are currently inconsistent > about which one is used. (Which backend are you using? I thought it > happened just with the LDIF backend.) BDB > > I find this a bit unexpected. Suppose someone manages to create an > > entry matching rootdn. Then this person would be able to become > > rootdn, bypassing the rootpw setting in slapd.conf. > > I'll note that as an argument for having rootpw override the entry's > dn:-) Yes, exactly my thought.