nerdexam
CompTIA

LX0-104 · Question #147

After analyzing a slapd.conf file, an administrator noted that the rootdn and rootpw directives are not present. Where is the LDAP administrator account defined?

The correct answer is B. The account is defined by an ACL in slapd.conf.. If rootdn and rootpw are not explicitly defined in slapd.conf, the LDAP administrator account is instead managed through Access Control Lists.

Security

Question

After analyzing a slapd.conf file, an administrator noted that the rootdn and rootpw directives are not present. Where is the LDAP administrator account defined?

Options

  • AIt is using the default account admin with the password admin.
  • BThe account is defined by an ACL in slapd.conf.
  • CIt is using the default account admin with a null password.
  • DThe account is defined in the file /etc/ldap.secret.
  • EThe account is defined in the file /etc/ldap.root.conf.

How the community answered

(27 responses)
  • A
    4% (1)
  • B
    89% (24)
  • D
    4% (1)
  • E
    4% (1)

Why each option

If `rootdn` and `rootpw` are not explicitly defined in `slapd.conf`, the LDAP administrator account is instead managed through Access Control Lists.

AIt is using the default account admin with the password admin.

OpenLDAP does not have a hardcoded default 'admin' account with a default password that automatically grants root access without configuration.

BThe account is defined by an ACL in slapd.conf.Correct

When `rootdn` and `rootpw` are absent, OpenLDAP relies on ACLs to define who has administrative privileges, typically by granting specific users or groups permissions to modify the directory's root DSE or specific branches. This allows for more flexible and granular administration without a superuser bind.

CIt is using the default account admin with a null password.

OpenLDAP does not have a hardcoded default 'admin' account with a null password that automatically grants root access without configuration.

DThe account is defined in the file /etc/ldap.secret.

The `/etc/ldap.secret` file typically stores a shared secret for authentication or other security-related mechanisms, not the primary LDAP administrator's distinguished name (DN) and password.

EThe account is defined in the file /etc/ldap.root.conf.

There is no standard OpenLDAP configuration file named `/etc/ldap.root.conf` for defining the root administrator account.

Concept tested: OpenLDAP root administrator definition

Source: https://www.openldap.org/doc/admin24/access-control.html

Topics

#LDAP administrator#slapd.conf#ACLs

Community Discussion

No community discussion yet for this question.

Full LX0-104 Practice