Hello Michael, Thank you for reading my email and replying to the thread.
I don't believe that you answered my question. I was probably unclear. Sorry. I will rephrase, as I am still looking for information. Is there a reason why I should not be able to, or just should not, do the below: 1. change my OpenLDAP server configuration so cn=config can be successfully authenticated using password. 2. retrieve records from non-config database[s] [over network, for example giving ldapsearch -D cn=config -W] Sincerely, Igor Shmukler On Mon, Mar 2, 2015 at 12:26 PM, Michael Ströder <[email protected]> wrote: > Igor Shmukler wrote: >> I have a multi-tenant [multiple DITs] LDAP directory setup. >> One of things that I need to be able to do, is to retrieve records >> from individual domain [DIT] -level databases using "superuser" >> credentials. > > You should start to read about access control: > > slapd.access(5) > > http://www.openldap.org/doc/admin24/access-control.html > > http://www.openldap.org/faq/data/cache/189.html > > Don't claim to have a multi-tenant service before you really understood all of > the above. > > Ciao, Michael. >
