
Re: (ITS#6834) Conversion to cn=config needs more detail

andrew.findlay@skills-1st.co.uk wrote:
> On Wed, Feb 16, 2011 at 11:50:21AM +0000, Andrew Findlay wrote:
>> Admin Guide Section 5.4. "Converting old style slapd.conf(5) file to cn=config
>> format" suggests that it is enough to run a slapd tool with both -f and -F
>> options to perform this conversion. While strictly true, this will almost
>> certainly result in an un-manageable server because there is no rootPW set for
>> cn=config.
>> The attached patch provides guidance to avoid this trap.
> It would also be useful to copy the config database clause from
> slapd-config(5) into the example in the Admin Guide:
>                # set a rootpw for the config database so we can bind.
>                # deny access to everyone else.
>                dn: olcDatabase=config,cn=config
>                objectClass: olcDatabaseConfig
>                olcDatabase: config
>                olcRootPW: {SSHA}XKYnrjvGT3wZFQrDD5040US592LxsdLy
>                olcAccess: to * by * none

That ACL is already the default. In an isolated example there's no need to 
specify it. (It is present in the slapd-config(5) example to ensure that it 
takes precedence over the olcFrontendConfig ACLs immediately above it.)

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
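
The trap described in this thread can be checked for after running the conversion. The following is an added example, not part of the thread or of OpenLDAP: it reads the config database as LDIF (for instance the output of `slapcat -n 0`) and reports whether the `olcDatabase=config` entry carries an `olcRootPW`. The function names, status strings and sample LDIF are constructed for illustration.

```python
import base64
import re

def parse_ldif(text):
    """Parse LDIF into entries, each a list of (lowercased attr, value) pairs."""
    lines = re.sub(r"\n ", "", text).splitlines()   # unfold continuation lines
    entries, cur = [], []
    for line in lines + [""]:                       # trailing "" flushes last entry
        if not line.strip():
            if cur:
                entries.append(cur)
            cur = []
        elif not line.startswith("#") and ":" in line:
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):                # "attr:: <base64 value>"
                val = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                val = rest.strip()
            cur.append((attr.lower(), val))
    return entries

def config_db_status(ldif_text):
    """Classify the rootpw state of the olcDatabase=config entry."""
    for entry in parse_ldif(ldif_text):
        dbs = [v for a, v in entry if a == "olcdatabase"]
        # slapd stores the name with an ordering prefix, e.g. "{0}config"
        if not any(re.sub(r"^\{-?\d+\}", "", d).lower() == "config" for d in dbs):
            continue
        pw = [v for a, v in entry if a == "olcrootpw"]
        if not pw:
            return "no-rootpw"                      # nobody can bind to cn=config
        return "ok" if re.match(r"\{[\w-]+\}", pw[0]) else "cleartext-rootpw"
    return "no-config-db"

# Constructed sample: a converted tree whose slapd.conf had no config database clause.
NO_PW = """dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by * none

dn: olcDatabase={1}mdb,cn=config
olcDatabase: {1}mdb
olcRootPW: {SSHA}constructed-placeholder
"""
# Same tree with the hash quoted in the message, base64-encoded and folded.
_b64 = base64.b64encode(b"{SSHA}XKYnrjvGT3wZFQrDD5040US592LxsdLy").decode()
WITH_PW = NO_PW.replace("olcAccess:", f"olcRootPW:: {_b64[:20]}\n {_b64[20:]}\nolcAccess:", 1)
if __name__ == "__main__":
    print(config_db_status(NO_PW), config_db_status(WITH_PW))
```

A `no-rootpw` result on a freshly converted directory is the unmanageable state the original report warns about; a rootpw on another database, as in the sample, does not change it.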