[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How to search the "config" database ?



Dear :

i cant read it without password. i operate by the following steps:

1. edit a basic slapd.conf file, add the config database and set its passwod, such as
    database config
    rootpw "OpenLdap"

2. use ldaptest utility to convert slapd.conf into slapd.d directory.

3. start slapd and have more modifications


-----------------
Regards.

> 
> --On Tuesday, October 25, 2005 10:09 AM +0200 Michael Str枚der 
> <michael@stroeder.com> wrote:
> 
>> William wrote:
>>>
>>> $ ldapsearch -x  -b "cn=config" -s sub
>>> [..]
>>> result: 50 Insufficient access
>>
>> You have to bind as cn=config and provide the correct password.
>>
>> ldapsearch -x -D "cn=config" -b "cn=config" -s sub -W
> 
> That is not necessarily correct.  You can read the cn=config database with 
> any user that has privileges to read in it (See global ACL's).  You could 
> theoretically even give anonymous read to the cn=config database.
> 
> --Quanah
> 
> --
> Quanah Gibson-Mount
> Principal Software Developer
> ITSS/Shared Services
> Stanford University
> GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
> 
> "These censorship operations against schools and libraries are stronger
> than ever in the present religio-political climate. They often focus on
> fantasy and sf books, which foster that deadly enemy to bigotry and blind
> faith, the imagination." -- Ursula K. Le Guin
> 
>?????????????????????j(??????????????????