[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6834) Conversion to cn=config needs more detail

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#6834) Conversion to cn=config needs more detail
From: hyc@symas.com
Date: Wed, 16 Feb 2011 23:45:05 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

andrew.findlay@skills-1st.co.uk wrote:
> On Wed, Feb 16, 2011 at 11:50:21AM +0000, Andrew Findlay wrote:
>
>> Admin Guide Section 5.4. "Converting old style slapd.conf(5) file to cn=config
>> format" suggests that it is enough to run a slapd tool with both -f and -F
>> options to perform this conversion. While strictly true, this will almost
>> certainly result in an un-manageable server because there is no rootPW set for
>> cn=config.
>>
>> The attached patch provides guidance to avoid this trap.
>
> It would also be useful to copy the config database clause from
> slapd-config(5) into the example in the Admin Guide:
>
>                # set a rootpw for the config database so we can bind.
>                # deny access to everyone else.
>                dn: olcDatabase=config,cn=config
>                objectClass: olcDatabaseConfig
>                olcDatabase: config
>                olcRootPW: {SSHA}XKYnrjvGT3wZFQrDD5040US592LxsdLy
>                olcAccess: to * by * none

That ACL is already the default. In an isolated example there's no need to 
specify it. (It is present in the slapd-config(5) example to ensure that it 
takes precedence over the olcFrontendConfig ACLs immediately above it.)

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: Re: (ITS#6833) LDAP hangs on Solaris
Next by Date: ITS#6512 BDB 5.0
Index(es):
- Chronological
- Thread