I think you just remove the nsslapd-rootpw attribute in cn=config - that
will disallow BINDs as the directory manager. I suppose you could save
the value somewhere so you can enable it as needed.
A G wrote:
OK. how can I disable the "cn=Directory Administrator"
account?
Will I be able to enable easily so that in the normal operation it is
disabled for the security purposes?
On 1/25/06, *fedora-directory-users-request(a)redhat.com
<mailto:fedora-directory-users-request@redhat.com>* <
fedora-directory-users-request(a)redhat.com
<mailto:fedora-directory-users-request@redhat.com>> wrote:
Send Fedora-directory-users mailing list submissions to
fedora-directory-users(a)redhat.com
<mailto:fedora-directory-users@redhat.com>
To subscribe or unsubscribe via the World Wide Web, visit
https://www.redhat.com/mailman/listinfo/fedora-directory-users
or, via email, send a message with subject or body 'help' to
fedora-directory-users-request(a)redhat.com
<mailto:fedora-directory-users-request@redhat.com>
You can reach the person managing the list at
fedora-directory-users-owner(a)redhat.com
<mailto:fedora-directory-users-owner@redhat.com>
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Fedora-directory-users digest..."
Today's Topics:
1. How to enable "cn=Directory Administrator" to login
from only
specified hosts (G?khan Afacan)
2. How to lock/unlock "cn=Directory Administrator" user account?
(G?khan Afacan)
3. Re: How to enable "cn=Directory Administrator" to login from
only specified hosts (Richard Megginson)
4. Re: How to lock/unlock "cn=Directory Administrator" user
account? (Richard Megginson)
5. How to enable "cn=Directory Administrator" to login
from only
specified hosts (A G)
6. How to lock/unlock "cn=Directory Administrator" user account?
(A G)
----------------------------------------------------------------------
Message: 1
Date: Wed, 25 Jan 2006 17:44:31 +0200
From: G?khan Afacan <gokhan.afacan(a)gmail.com
<mailto:gokhan.afacan@gmail.com>>
Subject: [Fedora-directory-users] How to enable "cn=Directory
Administrator" to login from only specified hosts
To: fedora-directory-users(a)redhat.com
<mailto:fedora-directory-users@redhat.com>
Message-ID:
<2393d5a10601250744m7c2e0643mea5ee25a5658d4fc(a)mail.gmail.com
<mailto:2393d5a10601250744m7c2e0643mea5ee25a5658d4fc@mail.gmail.com>>
Content-Type: text/plain; charset=ISO-8859-1
Hello,
How can I enable "cn=Directory Administrator" to login from only
specified hosts?
I mean that cn=Directory Administrator user can only logon only
from 10.1.3.110 <
http://10.1.3.110>.
How can I do that?
------------------------------
Message: 2
Date: Wed, 25 Jan 2006 17:46:03 +0200
From: G?khan Afacan < gokhan.afacan(a)gmail.com
<mailto:gokhan.afacan@gmail.com>>
Subject: [Fedora-directory-users] How to lock/unlock "cn=Directory
Administrator" user account?
To: fedora-directory-users(a)redhat.com
<mailto:fedora-directory-users@redhat.com>
Message-ID:
<2393d5a10601250746hfae7d11t8526098605735d8d(a)mail.gmail.com
<mailto:2393d5a10601250746hfae7d11t8526098605735d8d@mail.gmail.com>>
Content-Type: text/plain; charset=ISO-8859-1
How can I lock and unlock the user cn=Directory Administrator user
account?
On 1/25/06, Gökhan Afacan <gokhan.afacan(a)gmail.com
<mailto:gokhan.afacan@gmail.com>> wrote:
> Hello,
> How can I enable "cn=Directory Administrator" to login from only
> specified hosts?
> I mean that cn=Directory Administrator user can only logon only
from 10.1.3.110 <
http://10.1.3.110> .
> How can I do that?
>
------------------------------
Message: 3
Date: Wed, 25 Jan 2006 09:13:30 -0700
From: Richard Megginson <rmeggins(a)redhat.com
<mailto:rmeggins@redhat.com>>
Subject: Re: [Fedora-directory-users] How to enable "cn=Directory
Administrator" to login from only specified hosts
To: "General discussion list for the Fedora Directory server
project."
<fedora-directory-users(a)redhat.com
<mailto:fedora-directory-users@redhat.com>>
Message-ID: <43D7A3AA.2000208(a)redhat.com
<mailto:43D7A3AA.2000208@redhat.com>>
Content-Type: text/plain; charset="iso-8859-1"
Gökhan Afacan wrote:
>Hello,
>How can I enable "cn=Directory Administrator" to login from only
>specified hosts?
>
>
I don't think that is possible.
>I mean that cn=Directory Administrator user can only logon only
from 10.1.3.110 <
http://10.1.3.110>.
>How can I do that?
>
>
I don't think you can do that. If you are worried about Directory
Manager access, you can create another account (like the console
admin
account) that has administrator privileges, then you can set up
ACIs for
that user, then you can disable the directory manager account.
>--
>Fedora-directory-users mailing list
> Fedora-directory-users(a)redhat.com
<mailto:Fedora-directory-users@redhat.com>
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
Url :
https://www.redhat.com/archives/fedora-directory-users/attachments/200601...
------------------------------
Message: 4
Date: Wed, 25 Jan 2006 09:14:11 -0700
From: Richard Megginson < rmeggins(a)redhat.com
<mailto:rmeggins@redhat.com>>
Subject: Re: [Fedora-directory-users] How to
lock/unlock "cn=Directory
Administrator" user account?
To: "General discussion list for the Fedora Directory server
project."
<fedora-directory-users(a)redhat.com
<mailto:fedora-directory-users@redhat.com>>
Message-ID: <43D7A3D3.2050004(a)redhat.com
<mailto:43D7A3D3.2050004@redhat.com>>
Content-Type: text/plain; charset="iso-8859-1"
Gökhan Afacan wrote:
>How can I lock and unlock the user cn=Directory Administrator
user account?
>
>
You cannot do that. You can disable the directory manager
account, but
you cannot lock and unlock it as if it were a "normal" user account.
>
>On 1/25/06, Gökhan Afacan <gokhan.afacan(a)gmail.com
<mailto:gokhan.afacan@gmail.com>> wrote:
>
>
>>Hello,
>>How can I enable "cn=Directory Administrator" to login from only
>>specified hosts?
>>I mean that cn=Directory Administrator user can only logon only
from 10.1.3.110 <
http://10.1.3.110>.
>>How can I do that?
>>
>>
>>
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users(a)redhat.com
<mailto:Fedora-directory-users@redhat.com>
>
https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
Url :
https://www.redhat.com/archives/fedora-directory-users/attachments/200601...
<
https://www.redhat.com/archives/fedora-directory-users/attachments/200601...
------------------------------
Message: 5
Date: Wed, 25 Jan 2006 18:25:51 +0200
From: A G <cino11(a)gmail.com <mailto:cino11@gmail.com>>
Subject: [Fedora-directory-users] How to enable "cn=Directory
Administrator" to login from only specified hosts
To: fedora-directory-users(a)redhat.com
<mailto:fedora-directory-users@redhat.com>
Message-ID: < 408162380601250825y4e966611p(a)mail.gmail.com
<mailto:408162380601250825y4e966611p@mail.gmail.com>>
Content-Type: text/plain; charset="iso-8859-1"
Hello,
How can I enable "cn=Directory Administrator" to login from only
specified hosts?
I mean that cn=Directory Administrator user can only logon only from
10.1.3.110 <
http://10.1.3.110>.
How can I do that?
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
https://www.redhat.com/archives/fedora-directory-users/attachments/200601...
------------------------------
Message: 6
Date: Wed, 25 Jan 2006 18:26:20 +0200
From: A G <cino11(a)gmail.com <mailto:cino11@gmail.com>>
Subject: [Fedora-directory-users] How to lock/unlock "cn=Directory
Administrator" user account?
To: fedora-directory-users(a)redhat.com
<mailto:fedora-directory-users@redhat.com>
Message-ID: < 408162380601250826r5dca4666q(a)mail.gmail.com
<mailto:408162380601250826r5dca4666q@mail.gmail.com>>
Content-Type: text/plain; charset="iso-8859-1"
How can I lock and unlock the user cn=Directory Administrator user
account?
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
https://www.redhat.com/archives/fedora-directory-users/attachments/200601...
<
https://www.redhat.com/archives/fedora-directory-users/attachments/200601...
------------------------------
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
<mailto:Fedora-directory-users@redhat.com>
https://www.redhat.com/mailman/listinfo/fedora-directory-users
End of Fedora-directory-users Digest, Vol 8, Issue 40
*****************************************************
------------------------------------------------------------------------
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users