Univention Bugzilla – Bug 50051
[UDM HTTP API] support cn=admin connection
Last modified: 2019-10-02 16:06:32 CEST
UCS@school installs very complex LDAP ACLs. Traversing them takes time → costs performance. In some situations the identity of the client has already been verified and thus the backend code uses a cn=admin connection for performance reasons. Support using a cn=admin connection with the UDM HTTP API.
Can you give more information on how you would like to use that, i.e. how would you authenticate? Wouldn't it be a solution to add an LDAP ACL in UCS@school which fits your needs for a specially created user:

    access to *
        by dn.base="cn=ucsschool-admin$,dc=ldap,dc=base" write stop
        by * +0 break
Why do that, if there is already an account that fits the role?
The special username "cn=admin" can now be used to authenticate with the cn=admin connection. As cn=admin is not part of any groups, it bypasses the ACLs which check the group membership.

univention-directory-manager-rest (9.0.16-3)
ba1bc4e4fca0 | Bug #27816: allow authentication via cn=admin
univention-directory-mana 9.0.16-4A~4.4.0.2 OK: authentication with cn=admin is possible
UCS 4.4-2 has been released:
https://docs.software-univention.de/release-notes-4.4-2-en.html
https://docs.software-univention.de/release-notes-4.4-2-de.html

If this error occurs again, please use "Clone This Bug".