
Re: Authentication for on the fly configuration updates in OpenLDAP 2.4

On 28/01/11 19:10 +0200, Razvan Deaconescu wrote:
# slapcat -n0 | grep -C 5 '^\(olcRootDN\|olcRootPW\)'
olcAccess: {0}to *  by * none
olcAddContentAcl: TRUE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=config
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig
entryUUID: ed743d3a-adc6-102f-9a18-f1967b980507
creatorsName: cn=config

If those options are missing, you could try rebuilding your config from
scratch from your own slapd.conf, by explicitly setting those options with
this config snippet:

database        config
rootdn          "cn=admin,dc=example,dc=org"
rootpw          xxx

That would involve moving your existing /etc/ldap/slapd.d and /var/lib/ldap
directories out of the way and regenerating them.

So I have to regenerate all configuration and database files?

I might have done something wrong, but it seems pretty strange that a
default Debian installation wouldn't provide the config user/password
for this.

I have discovered this myself, and I personally just rebuild from my own
slapd.conf. I just took a look at the debian/slapd.conf template file in
squeeze, which presumably is what the package installation uses to
ultimately generate the slapd.d config backend. I've copied it here:


This config is missing two pretty important items in my opinion:



database        config
rootdn          "cn=admin,@SUFFIX@"



Dan White
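
Added example, not part of the original message: the grep shown at the top of this message matches olcRootDN/olcRootPW on any database, so this sketch reads `slapcat -n0` LDIF on stdin and reports which of the two are set on the olcDatabase={0}config entry only. The function names and the sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Report whether the cn=config database entry carries olcRootDN / olcRootPW.
# Input: LDIF as produced by `slapcat -n0`, on stdin.
# Output: one of "rootdn+rootpw", "rootdn-only", "none".
config_root_status() {
    awk '
    function handle(line,   l) {
        l = tolower(line)
        # Track whether the current entry is the config database itself.
        if (l ~ /^dn:/)
            in_cfg = (l ~ /^dn: *olcdatabase=[{]0[}]config,cn=config$/)
        else if (in_cfg && l ~ /^olcrootdn:/) dn = 1
        else if (in_cfg && l ~ /^olcrootpw:/) pw = 1   # also matches "olcRootPW::"
    }
    # LDIF folding: a line starting with one space continues the previous line.
    /^ / { buf = buf substr($0, 2); next }
    { if (buf != "") handle(buf); buf = $0 }
    END {
        if (buf != "") handle(buf)
        if (dn && pw) print "rootdn+rootpw"
        else if (dn)  print "rootdn-only"
        else          print "none"
    }'
}

# Constructed sample: the config database has a rootdn but no rootpw, while
# the {1}hdb database has both (which a plain grep would also match).
sample_ldif() {
    cat <<'EOF'
dn: cn=config
objectClass: olcGlobal

dn: olcDatabase={0}config,cn=con
 fig
olcAccess: {0}to * by * none
olcRootDN: cn=config

dn: olcDatabase={1}hdb,cn=config
olcRootDN: cn=admin,dc=example,dc=org
olcRootPW: constructed-value
EOF
}

sample_ldif | config_root_status
```

On a live system the input would come from `slapcat -n0 | config_root_status`, run as a user that can read the slapd.d directory.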