Re: config backend with SASL



> Hi,
>
> I thought that the rootdn of the config backend is hardcoded to
> "cn=config".

Originally, it was.  Now it's not.  If you're fine with simple bind, then
you can use simple bind by adding a "rootpw <yoursecret>" statement below
the "database config", and binding as the "cn=config" which is the default
rootdn, or specify a "rootdn <yourDN>" as well and bind as that DN.

Since in the original message you appeared to be using SASL LOGIN, you can
keep using that.  In that case you need to use, as rootdn, the DN of the
identity you want to bind as.  When you bind with SASL, the SASL identity
is transformed into a DN like "uid=<user>,cn=<realm>,cn=<mech>,cn=auth"
(cn=<realm> is optional).  You can choose to map this DN onto a real user,
or leave it as is.  In any case, you can then use the resulting DN as the
rootdn of the config database.

See slapd.conf(5) and the Admin Guide for further details.

p.




Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------
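
The options described in the reply above, written out as a slapd.conf fragment. This is an added example, not part of the original message or of the OpenLDAP documentation; the user "ldapadmin", the suffix dc=example,dc=com and the bracketed values are placeholders.

```conf
# --- global section -------------------------------------------------------
# With SASL LOGIN, user "ldapadmin" (placeholder) is seen by slapd as
#   uid=ldapadmin,cn=login,cn=auth              (no realm)
#   uid=ldapadmin,cn=<realm>,cn=login,cn=auth   (with realm)
#
# Optional: map that SASL DN onto a real entry. The pattern names exactly
# one identity and is anchored, so no other SASL user can be rewritten
# onto the DN that is used as rootdn below.
authz-regexp
    ^uid=ldapadmin,(cn=[^,]*,)?cn=login,cn=auth$
    uid=ldapadmin,ou=people,dc=example,dc=com

# --- config backend -------------------------------------------------------
database config

# Variant 1, simple bind: keep the default rootdn "cn=config" and add a
# password (a hash from slappasswd rather than cleartext in the file).
#rootpw  <hash generated with slappasswd>

# Variant 2, SASL with mapping: rootdn is the DN the authz-regexp produces.
rootdn  "uid=ldapadmin,ou=people,dc=example,dc=com"

# Variant 3, SASL without mapping: remove the authz-regexp above and use
# the SASL DN as it is.
#rootdn  "uid=ldapadmin,cn=login,cn=auth"
```

Running `ldapwhoami -Y LOGIN -U ldapadmin` against the server prints the DN the bind actually resolves to; that string is what has to match the rootdn line.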