[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6834) Conversion to cn=config needs more detail

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#6834) Conversion to cn=config needs more detail
From: andrew.findlay@skills-1st.co.uk
Date: Wed, 16 Feb 2011 15:31:02 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

On Wed, Feb 16, 2011 at 11:50:21AM +0000, Andrew Findlay wrote:

> Admin Guide Section 5.4. "Converting old style slapd.conf(5) file to cn=config
> format" suggests that it is enough to run a slapd tool with both -f and -F
> options to perform this conversion. While strictly true, this will almost
> certainly result in an un-manageable server because there is no rootPW set for
> cn=config.
> 
> The attached patch provides guidance to avoid this trap.

It would also be useful to copy the config database clause from
slapd-config(5) into the example in the Admin Guide:

              # set a rootpw for the config database so we can bind.
              # deny access to everyone else.
              dn: olcDatabase=config,cn=config
              objectClass: olcDatabaseConfig
              olcDatabase: config
              olcRootPW: {SSHA}XKYnrjvGT3wZFQrDD5040US592LxsdLy
              olcAccess: to * by * none

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------

Prev by Date: (ITS#6834) Conversion to cn=config needs more detail
Next by Date: Re: (ITS#6833) LDAP hangs on Solaris
Index(es):
- Chronological
- Thread