@nas Great work! It does not modify any configuration file managed by templates. Thus it’s OK for me.
The root user has full privileges on the LDAP tree through the ldapi:// socket. This is the CentOS default. Just remember to use the -Y EXTERNAL option on ldap* commands. For instance:
ldapsearch -Y EXTERNAL -b cn=config
ldapdelete -Y EXTERNAL 'uid=yourmachine$' # <- does it work?
Unfortunately some services (like samba or libuser) don’t like ldapi:// and require an account. And ACLs. To inspect LDAP ACLs use the commands from
be careful when accessing LDAP. It is the Unix and Samba accounts backend. It contains very sensitive information. It’s more than /etc/passwd. It’s like
- Don’t expose it to remote access.
- Don’t change ACLs!
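
A read-only way to review the ACLs mentioned in the post above, as an added example that is not part of the original post or of the project's code: the `audit_acl` function is hypothetical, the LDIF in `sample_ldif` is constructed, and the list of password attributes it checks is an assumption.

```shell
#!/bin/sh
# audit_acl: read LDIF from stdin (as printed by ldapsearch on cn=config)
# and print every olcAccess rule that lets "*", "anonymous" or "users"
# read, write or manage a password attribute. It never modifies the tree.
audit_acl() {
    awk '
        # LDIF folding: a line starting with one space continues the previous line.
        /^ / { buf = buf substr($0, 2); next }
        { check(buf); buf = $0 }
        END { check(buf) }
        function check(line,    rule, lc) {
            if (line !~ /^olcAccess: /) return      # base64 values (olcAccess::) are skipped
            rule = substr(line, 12)                 # drop the "olcAccess: " prefix
            lc = tolower(rule)                      # attribute names are case-insensitive
            # Assumed list of sensitive attributes for a Unix + Samba backend.
            if (lc !~ /attrs=[^ ]*(userpassword|sambantpassword|sambalmpassword)/) return
            if (lc ~ / by (\*|anonymous|users) (read|write|manage)( |$)/) print rule
        }
    '
}

# Constructed sample input; rule {1} is folded across two lines as LDIF allows.
sample_ldif() {
    cat <<'EOF'
dn: olcDatabase={2}hdb,cn=config
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
olcAccess: {1}to attrs=sambaNTPassword by dn.exact="cn=samba,dc=example,dc=
 org" write by * read
olcAccess: {2}to * by * read
EOF
}

# Prints only rule {1}: the NT hash is readable by everyone.
sample_ldif | audit_acl
```

On a server, the same function can be fed from `ldapsearch -Y EXTERNAL -H ldapi:/// -LLL -b cn=config olcAccess | audit_acl`, run as root.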