
Re: viewing cn=config



Hi, sorry that it took me a while to reply.

So I do have the config backend, since Debian moved me over automatically.
So far the slapcat method has been working very nicely for me.

Another question I ran into is how do you edit cn=config; by default I have not been able to figure it out.
I have so far seen two methods that work for me, but they both feel a bit 'hacky', so I was wondering if there is another 'official' method.

The two things I have done:
1. Edit the files in slapd.d (after stopping the openldap server to be on the safe side).
2. Using ldapmodify, but this was only possible after I added an olcRootPW attribute to the olcDatabase object of the config backend by editing the file as described here: http://www.zarafa.com/wiki/index.php/OpenLdap:_Switch_to_dynamic_config_backend_%28cn%3Dconfig%29#Add_or_Change_password_of_RootDN

It confused me at first since the configdb entry has the following ACL:
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
I didn't understand how I could get access; it looked like I had to be root, but even as root ldapmodify would refuse duty.

I guess after seeing these mails I should have been using something like -Y EXTERNAL?

Thanks and regards,
Eli

2011/1/5 Brian Candler <B.Candler@pobox.com>
On Tue, Jan 04, 2011 at 05:44:25PM +0200, E.S. Rosenberg wrote:
>    How do I get to see the contents of cn=config?
>    Things I have tried:
>    ldapsearch -b cn=config  -D cn=admin,dc=mydomain -W
>    ldapsearch -x cn=config
>    ldapsearch -D cn=admin,dc=mydomain -W cn=config
>    Some help/pointers in the right direction would be greatly appreciated.

Have you tried:

   ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config

(need to be run as root)
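
Added example, not part of the thread: a shell sketch of editing cn=config with ldapmodify over ldapi:/// and SASL EXTERNAL, guarded by a check that the caller's uid/gid map to the identity named in the olcAccess line quoted above. The function names, the plain string comparison of DNs, and the olcLogLevel change are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Helper names are hypothetical.

# ACL subject copied from the olcAccess line quoted in the message.
ACL_DN='gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth'

# DN that a SASL EXTERNAL bind over ldapi:/// is mapped to, built from the
# peer credentials of the connecting process. Usage: peercred_dn UID GID
peercred_dn() {
    printf 'gidNumber=%s+uidNumber=%s,cn=peercred,cn=external,cn=auth' "$2" "$1"
}

# Succeeds only when UID/GID yield exactly the DN named in the ACL.
# Assumption: plain string equality stands in for slapd's DN matching.
acl_matches() {
    [ "$(peercred_dn "$1" "$2")" = "$ACL_DN" ]
}

# LDIF for a single modify on cn=config. olcLogLevel is only a sample
# attribute chosen for the example. Usage: config_ldif LEVEL
config_ldif() {
    printf 'dn: cn=config\nchangetype: modify\nreplace: olcLogLevel\nolcLogLevel: %s\n' "$1"
}

# Send the change through the local socket with EXTERNAL, so no olcRootPW
# is needed on the config database. Refuses early if the caller is not
# the identity the ACL grants "manage" to.
apply_config_change() {
    if acl_matches "$(id -u)" "$(id -g)"; then
        config_ldif "$1" | ldapmodify -Q -Y EXTERNAL -H ldapi:///
    else
        echo "caller maps to $(peercred_dn "$(id -u)" "$(id -g)"), which the ACL does not name" >&2
        return 1
    fi
}

# Usage, as root on the slapd host:  apply_config_change stats
```

Running `ldapwhoami -Y EXTERNAL -H ldapi:///` shows the DN the server actually assigned, which can be compared with the ACL subject before attempting a change.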