
Re: Creating database, catch-22

Peter Mogensen wrote:

I've been trying to script database creation via cn=config.
Creating the HDB database works fine, but when I try to add the LDIF for the root node, I get:

# ldapadd -YEXTERNAL -H ldapi:/// -f ./bootstrap.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
adding new entry "dc=app,dc=example,dc=com"
ldap_add: Insufficient access (50)
        additional info: no write access to parent

... which is understandable. However, I would prefer not to set a temporary rootpw for the database. Is there any way around that?

I considered Proxy authorization, but the root DN for the database I'm creating is in the LDIF I'm trying to add.


PS: As you can probably see, all access goes through SASL EXTERNAL. UNIX root maps to cn=config via ldapi:/// , remote access uses x509 certificates.

Add an ACL (either global, if there aren't any in that database, or local) that allows the identity you trust to write to that database.
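
One way to write such an ACL through cn=config, as an added example that is not part of the original reply. It assumes the new HDB database is olcDatabase={1}hdb,cn=config (the index is an assumption) and that the trusted identity is the ldapi:/// peercred DN shown in the ldapadd output above.

```ldif
# Added example, not from the original thread.
# Assumption: {1}hdb is the database holding dc=app,dc=example,dc=com;
# look up the real DN under cn=config before applying.
# The {0} prefix inserts the rule ahead of any existing olcAccess values.
# "by * break" hands every other identity on to the following rules
# instead of stopping at this one with no access.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to *
  by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" write
  by * break
```

Load it with ldapmodify using the same -Y EXTERNAL -H ldapi:/// options as the ldapadd call above, then rerun the ldapadd. The rule gives UNIX root on the local socket write access to the whole database, so review whether it should stay in place once the root entry exists.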