Re: Creating database, catch-22
Peter Mogensen wrote:
I've been trying to script database creation via cn=config.
Creating the HDB database works fine, but when I try to add the LDIF for
the root node, I get:
# ldapadd -YEXTERNAL -H ldapi:/// -f ./bootstrap.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "dc=app,dc=example,dc=com"
ldap_add: Insufficient access (50)
additional info: no write access to parent
... which is understandable. However, I would prefer not to set a
temporary rootpw for the database. Is there any way around that?
I considered Proxy authorization, but the root DN for the database I'm
creating is in the LDIF I'm trying to add.
PS: As you can probably see, all access goes through SASL EXTERNAL. UNIX
root maps to cn=config via ldapi:///, remote access uses x509.
Add an ACL (either global, if there aren't any in that database, or
local) that allows the identity you trust to write to that database.
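
One way to write the ACL described in the reply, as an added example that is not part of the original thread. The database DN olcDatabase={1}hdb,cn=config and the file name acl.ldif are assumptions; the trusted identity is the SASL username shown in the ldapadd output above.

```ldif
# acl.ldif (added example; adjust the database DN to your own cn=config tree).
# Apply over the same channel as the bootstrap, before adding the root entry:
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f ./acl.ldif
#
# Local variant: prepend an ACL on the new database itself. The DN below is
# an assumption; look up the real one with a search under cn=config.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcAccess
# {0} places the rule first, so it is evaluated before any existing ACLs.
# Only the peercred identity of local UNIX root (uid 0, gid 0) is matched.
# "by * break" hands every other identity on to the rules that follow,
# so this rule grants nothing to anyone else.
olcAccess: {0}to *
  by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" write
  by * break

# Global variant, for a database that carries no ACLs of its own: add the
# same olcAccess value to the frontend database instead:
#   dn: olcDatabase={-1}frontend,cn=config
```

Because the rule matches only the ldapi:/// peer credentials of UNIX root, no rootpw has to be set on the database for the bootstrap.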