Full_Name: Steven Elling Version: 2.4.* OS: Irrelevant URL: http://www.openldap.org/doc/admin24/ Submission from: (NULL) (205.240.253.201) The OpenLDAP 2.4 Admin Guide makes no mention of the fact that the "olcRootDN" defined in "olcDatabase={0}config,cn=config" has full access to the "cn=config" DIT (i.e. That there is an implied "olcSuffix" value of "cn=config"). While I now understand this important detail, I think it is best to add this information to the documentation for clarification (or as a reminder) to new and current users of the OpenLDAP software.
moved from Incoming to Documentation
The slapd-config(5) manpage states explicitly Unlike other backends, there can only be one instance of the config backend, and most of its structure is predefined. The root of the data‐ base is hardcoded to cn=config and this root entry contains global set‐ tings for slapd. The Admin Guide says in section 5.3 Lines 23-25 identify this entry as the config database entry. Line 26 defines the super-user password for this database. (The DN defaults to "cn=config".) Line 27 denies all access to this database, so only the super-user will be able to access it. (This is already the default access on the config database. It is just listed here for illustration, and to reiterate that unless a means to authenticate as the super-user is explicitly configured, the config database will be inaccessible.) I see no need for additional description.