Re: (ITS#6834) Conversion to cn=config needs more detail
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#6834) Conversion to cn=config needs more detail
- From: hyc@symas.com
- Date: Wed, 16 Feb 2011 23:45:05 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
andrew.findlay@skills-1st.co.uk wrote:
> On Wed, Feb 16, 2011 at 11:50:21AM +0000, Andrew Findlay wrote:
>
>> Admin Guide Section 5.4. "Converting old style slapd.conf(5) file to cn=config
>> format" suggests that it is enough to run a slapd tool with both -f and -F
>> options to perform this conversion. While strictly true, this will almost
>> certainly result in an un-manageable server because there is no rootPW set for
>> cn=config.
>>
>> The attached patch provides guidance to avoid this trap.
>
> It would also be useful to copy the config database clause from
> slapd-config(5) into the example in the Admin Guide:
>
> # set a rootpw for the config database so we can bind.
> # deny access to everyone else.
> dn: olcDatabase=config,cn=config
> objectClass: olcDatabaseConfig
> olcDatabase: config
> olcRootPW: {SSHA}XKYnrjvGT3wZFQrDD5040US592LxsdLy
> olcAccess: to * by * none
That ACL is already the default. In an isolated example there's no need to
specify it. (It is present in the slapd-config(5) example to ensure that it
takes precedence over the olcFrontendConfig ACLs immediately above it.)
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
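
An added example, not part of this thread or of OpenLDAP: a Python check for the trap discussed above, which parses the config database entry from LDIF and reports whether olcRootPW is missing or stored without a hash scheme. The function names are hypothetical, the sample entry is constructed, and the hash is the one quoted in the message.

```python
import base64
import re

def parse_ldif(text):
    """Parse LDIF into a list of {attr_lowercase: [values]} dicts."""
    text = re.sub(r"\r?\n ", "", text)        # unfold: newline + one space continues a line
    entries = []
    for block in re.split(r"\n\s*\n", text):  # entries are separated by blank lines
        entry = {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):          # "attr:: <base64>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            entry.setdefault(attr.lower(), []).append(value)
        if entry:
            entries.append(entry)
    return entries

def check_config_rootpw(text):
    """Return findings for the config database entry; an empty list means no finding."""
    for entry in parse_ldif(text):
        name = re.sub(r"^\{-?\d+\}", "", entry.get("olcdatabase", [""])[0])
        if name.lower() != "config":          # skip frontend and backend databases
            continue
        pw = entry.get("olcrootpw", [])
        if not pw:
            return ["olcRootPW missing: cn=config has no password to bind with"]
        if not re.match(r"^\{[A-Za-z0-9-]+\}", pw[0]):
            return ["olcRootPW has no {SCHEME} prefix: stored in cleartext"]
        return []
    return ["no olcDatabase=config entry found"]

# Constructed sample: a config database entry with no rootpw set before conversion.
CONVERTED = """\
dn: olcDatabase={0}config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by * none
"""
# Same entry with the hashed olcRootPW line quoted in the thread.
FIXED = CONVERTED + "olcRootPW: {SSHA}XKYnrjvGT3wZFQrDD5040US592LxsdLy\n"

if __name__ == "__main__":
    for label, ldif in (("converted", CONVERTED), ("fixed", FIXED)):
        print(label, check_config_rootpw(ldif) or "ok")
```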