[Fedora-directory-users] Re: Fedora-directory-users Digest, Vol 8, Issue 40
Richard Megginson
rmeggins at redhat.com
Wed Jan 25 17:18:44 UTC 2006
I think you just remove the nsslapd-rootpw attribute in cn=config - that
will disallow BINDs as the directory manager. I suppose you could save
the value somewhere so you can enable it as needed.
A G wrote:
> OK. how can I disable the "cn=Directory Administrator" account?
> Will I be able to enable easily so that in the normal operation it is
> disabled for the security purposes?
>
>
> On 1/25/06, *fedora-directory-users-request at redhat.com
> <mailto:fedora-directory-users-request at redhat.com>* <
> fedora-directory-users-request at redhat.com
> <mailto:fedora-directory-users-request at redhat.com>> wrote:
>
> Send Fedora-directory-users mailing list submissions to
> fedora-directory-users at redhat.com
> <mailto:fedora-directory-users at redhat.com>
>
> To subscribe or unsubscribe via the World Wide Web, visit
>
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> or, via email, send a message with subject or body 'help' to
> fedora-directory-users-request at redhat.com
> <mailto:fedora-directory-users-request at redhat.com>
>
> You can reach the person managing the list at
> fedora-directory-users-owner at redhat.com
> <mailto:fedora-directory-users-owner at redhat.com>
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Fedora-directory-users digest..."
>
>
> Today's Topics:
>
> 1. How to enable "cn=Directory Administrator" to login
> from only
> specified hosts (G?khan Afacan)
> 2. How to lock/unlock "cn=Directory Administrator" user account?
> (G?khan Afacan)
> 3. Re: How to enable "cn=Directory Administrator" to login from
> only specified hosts (Richard Megginson)
> 4. Re: How to lock/unlock "cn=Directory Administrator" user
> account? (Richard Megginson)
> 5. How to enable "cn=Directory Administrator" to login
> from only
> specified hosts (A G)
> 6. How to lock/unlock "cn=Directory Administrator" user account?
> (A G)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 25 Jan 2006 17:44:31 +0200
> From: G?khan Afacan <gokhan.afacan at gmail.com
> <mailto:gokhan.afacan at gmail.com>>
> Subject: [Fedora-directory-users] How to enable "cn=Directory
> Administrator" to login from only specified hosts
> To: fedora-directory-users at redhat.com
> <mailto:fedora-directory-users at redhat.com>
> Message-ID:
> <2393d5a10601250744m7c2e0643mea5ee25a5658d4fc at mail.gmail.com
> <mailto:2393d5a10601250744m7c2e0643mea5ee25a5658d4fc at mail.gmail.com>>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hello,
> How can I enable "cn=Directory Administrator" to login from only
> specified hosts?
> I mean that cn=Directory Administrator user can only logon only
> from 10.1.3.110 <http://10.1.3.110>.
> How can I do that?
>
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 25 Jan 2006 17:46:03 +0200
> From: G?khan Afacan < gokhan.afacan at gmail.com
> <mailto:gokhan.afacan at gmail.com>>
> Subject: [Fedora-directory-users] How to lock/unlock "cn=Directory
> Administrator" user account?
> To: fedora-directory-users at redhat.com
> <mailto:fedora-directory-users at redhat.com>
> Message-ID:
> <2393d5a10601250746hfae7d11t8526098605735d8d at mail.gmail.com
> <mailto:2393d5a10601250746hfae7d11t8526098605735d8d at mail.gmail.com>>
> Content-Type: text/plain; charset=ISO-8859-1
>
> How can I lock and unlock the user cn=Directory Administrator user
> account?
>
>
> On 1/25/06, Gökhan Afacan <gokhan.afacan at gmail.com
> <mailto:gokhan.afacan at gmail.com>> wrote:
> > Hello,
> > How can I enable "cn=Directory Administrator" to login from only
> > specified hosts?
> > I mean that cn=Directory Administrator user can only logon only
> from 10.1.3.110 <http://10.1.3.110> .
> > How can I do that?
> >
>
>
>
> ------------------------------
>
> Message: 3
> Date: Wed, 25 Jan 2006 09:13:30 -0700
> From: Richard Megginson <rmeggins at redhat.com
> <mailto:rmeggins at redhat.com>>
> Subject: Re: [Fedora-directory-users] How to enable "cn=Directory
> Administrator" to login from only specified hosts
> To: "General discussion list for the Fedora Directory server
> project."
> <fedora-directory-users at redhat.com
> <mailto:fedora-directory-users at redhat.com>>
> Message-ID: <43D7A3AA.2000208 at redhat.com
> <mailto:43D7A3AA.2000208 at redhat.com>>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Gökhan Afacan wrote:
>
> >Hello,
> >How can I enable "cn=Directory Administrator" to login from only
> >specified hosts?
> >
> >
> I don't think that is possible.
>
> >I mean that cn=Directory Administrator user can only logon only
> from 10.1.3.110 <http://10.1.3.110>.
> >How can I do that?
> >
> >
> I don't think you can do that. If you are worried about Directory
> Manager access, you can create another account (like the console
> admin
> account) that has administrator privileges, then you can set up
> ACIs for
> that user, then you can disable the directory manager account.
>
> >--
> >Fedora-directory-users mailing list
> > Fedora-directory-users at redhat.com
> <mailto:Fedora-directory-users at redhat.com>
> >https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >
> >
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: smime.p7s
> Type: application/x-pkcs7-signature
> Size: 3178 bytes
> Desc: S/MIME Cryptographic Signature
> Url :
> https://www.redhat.com/archives/fedora-directory-users/attachments/20060125/ca03ba5e/smime.bin
>
> ------------------------------
>
> Message: 4
> Date: Wed, 25 Jan 2006 09:14:11 -0700
> From: Richard Megginson < rmeggins at redhat.com
> <mailto:rmeggins at redhat.com>>
> Subject: Re: [Fedora-directory-users] How to
> lock/unlock "cn=Directory
> Administrator" user account?
> To: "General discussion list for the Fedora Directory server
> project."
> <fedora-directory-users at redhat.com
> <mailto:fedora-directory-users at redhat.com>>
> Message-ID: <43D7A3D3.2050004 at redhat.com
> <mailto:43D7A3D3.2050004 at redhat.com>>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Gökhan Afacan wrote:
>
> >How can I lock and unlock the user cn=Directory Administrator
> user account?
> >
> >
> You cannot do that. You can disable the directory manager
> account, but
> you cannot lock and unlock it as if it were a "normal" user account.
>
> >
> >On 1/25/06, Gökhan Afacan <gokhan.afacan at gmail.com
> <mailto:gokhan.afacan at gmail.com>> wrote:
> >
> >
> >>Hello,
> >>How can I enable "cn=Directory Administrator" to login from only
> >>specified hosts?
> >>I mean that cn=Directory Administrator user can only logon only
> from 10.1.3.110 <http://10.1.3.110>.
> >>How can I do that?
> >>
> >>
> >>
> >
> >--
> >Fedora-directory-users mailing list
> >Fedora-directory-users at redhat.com
> <mailto:Fedora-directory-users at redhat.com>
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >
> >
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: smime.p7s
> Type: application/x-pkcs7-signature
> Size: 3178 bytes
> Desc: S/MIME Cryptographic Signature
> Url :
> https://www.redhat.com/archives/fedora-directory-users/attachments/20060125/e067bfcc/smime.bin
> <https://www.redhat.com/archives/fedora-directory-users/attachments/20060125/e067bfcc/smime.bin>
>
> ------------------------------
>
> Message: 5
> Date: Wed, 25 Jan 2006 18:25:51 +0200
> From: A G <cino11 at gmail.com <mailto:cino11 at gmail.com>>
> Subject: [Fedora-directory-users] How to enable "cn=Directory
> Administrator" to login from only specified hosts
> To: fedora-directory-users at redhat.com
> <mailto:fedora-directory-users at redhat.com>
> Message-ID: < 408162380601250825y4e966611p at mail.gmail.com
> <mailto:408162380601250825y4e966611p at mail.gmail.com>>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hello,
> How can I enable "cn=Directory Administrator" to login from only
> specified hosts?
> I mean that cn=Directory Administrator user can only logon only from
> 10.1.3.110 <http://10.1.3.110>.
> How can I do that?
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> https://www.redhat.com/archives/fedora-directory-users/attachments/20060125/0b354c42/attachment.html
>
>
> ------------------------------
>
> Message: 6
> Date: Wed, 25 Jan 2006 18:26:20 +0200
> From: A G <cino11 at gmail.com <mailto:cino11 at gmail.com>>
> Subject: [Fedora-directory-users] How to lock/unlock "cn=Directory
> Administrator" user account?
> To: fedora-directory-users at redhat.com
> <mailto:fedora-directory-users at redhat.com>
> Message-ID: < 408162380601250826r5dca4666q at mail.gmail.com
> <mailto:408162380601250826r5dca4666q at mail.gmail.com>>
> Content-Type: text/plain; charset="iso-8859-1"
>
> How can I lock and unlock the user cn=Directory Administrator user
> account?
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> https://www.redhat.com/archives/fedora-directory-users/attachments/20060125/1e6d0495/attachment.html
> <https://www.redhat.com/archives/fedora-directory-users/attachments/20060125/1e6d0495/attachment.html>
>
> ------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> <mailto:Fedora-directory-users at redhat.com>
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
> End of Fedora-directory-users Digest, Vol 8, Issue 40
> *****************************************************
>
>
>------------------------------------------------------------------------
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users at redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20060125/22c6fe64/attachment.bin>
More information about the Fedora-directory-users
mailing list