@nas Great work! It does not modify any configuration file managed by templates. Thus it’s OK for me.
@feenix: the root user has full privileges on the LDAP tree through the ldapi:// socket. This is the CentOS default. Just remember to use the -Y EXTERNAL option on ldap* commands. For instance:

    ldapsearch -Y EXTERNAL -b cn=config
    ldapdelete -Y EXTERNAL 'uid=yourmachine$' # <- does it work?
Unfortunately some services (like samba or libuser) don’t like ldapi:// and require an account, and ACLs. To inspect LDAP ACLs use the commands from
http://docs.nethserver.org/projects/nethserver-devel/en/latest/directory.html#inspect-openldap-acls
Be careful when accessing LDAP. It is the Unix and Samba accounts backend. It contains very sensitive information. It’s more than /etc/passwd. It’s like /etc/shadow.

- Don’t expose it to remote access.
- Don’t change ACLs!
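The following script is an added example, not code from the thread or from the NethServer project. It wraps the root-side checks the post describes: the SASL EXTERNAL invocation over ldapi:///, a check that the peer-credential identity really is uid 0, and a listener audit for the "don’t expose it to remote access" rule. It assumes the CentOS/NethServer defaults (slapd on ldapi:///, root mapped through the peercred mechanism) and that `ss -ltn` output is available; the parsing helpers read text on stdin so they can be tried on sample lines without a running slapd.

```shell
#!/bin/sh
# Added example (not from the original thread): root-side checks for the
# local OpenLDAP discussed above. Assumes slapd listens on ldapi:/// and
# root authenticates with SASL EXTERNAL (CentOS/NethServer default).

# The ldapsearch root uses over the local socket. -Q hides the SASL banner
# and -LLL strips comments so the output stays parseable; only olcAccess
# (the ACLs) is requested from cn=config.
dump_acls() {
    ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config \
        '(olcAccess=*)' olcAccess
}

# Which identity slapd sees on the socket. For uid 0 OpenLDAP reports
# "dn:gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth".
ldap_whoami() {
    ldapwhoami -Q -Y EXTERNAL -H ldapi:///
}

# Read an ldapwhoami line on stdin; succeed only if it is root's peercred DN.
is_root_peercred() {
    grep -q 'gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth'
}

# Read `ss -ltn` (with or without header) on stdin and print every LDAP
# listener (389 or 636) bound to something other than loopback.
# Exit status 1 when at least one is found, so it can gate a script.
exposed_ldap_listeners() {
    awk '
        $1 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            port = parts[n]
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (port != "389" && port != "636") next
            if (host ~ /^127\./ || host == "[::1]" || host == "::1") next
            print addr
            found = 1
        }
        END { exit found ? 1 : 0 }
    '
}

# Usage on a real host (needs root and a running slapd):
#   ldap_whoami | is_root_peercred || echo "not root over ldapi"
#   ss -ltn | exposed_ldap_listeners && echo "LDAP is loopback-only"
#   dump_acls
```

A "*:389" or "0.0.0.0:636" line in the listener audit means the directory (the /etc/shadow-equivalent the post warns about) is reachable from the network and the host firewall or slapd URL list should be checked; the script reports, it does not change ACLs or listeners.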