On 03/09/2016 05:37 PM, William Brown wrote:
On Wed, 2016-03-09 at 12:06 +0100, wodel youchi wrote:
> Hi,
>
> Is it possible to create a specific user to use to backup 389DS server
> other than the Directory Manager, to use the db2bak.pl with a cronjob
> without exposing the DM password.
>
Try using db2bak rather than db2bak.pl. db2bak should operate just on the named
instance, without needing a directory manager account. You can run it from cron
as root then.
You can also specify the DM password via a file (-j option).
Also, you can add aci's to cn=config to allow a different user to
perform these tasks. For example if you just want a different user to
be able to perform backups you would set an allow(all) aci on "dn:
cn=backup,cn=tasks,cn=config".