[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP browsers and cn=config

On Mon, Mar 07, 2011 at 05:26:51PM +0000, Gervase Markham wrote:

> How does one use an LDAP browser to view and change the cn=config config?
> I am using the OpenLDAP 2.4.23 package from Ubuntu 10.10, and have
> been using both "luma" and more recently ApacheDS. I have tried an
> enormous number of ways all afternoon, but feel I'm stumbling in the
> dark. Do I have to use a special bind DN and password, or should the
> RootDN and password for my normal data do? If it's special, what is
> it? Where is it configured?

Most browsers treat the schema DN as a special case. In Apache
Directory Studio, right-click on the LDAP connection and select 'open
schema browser'. jXplorer has the schema in a separate panel/tab.

> I can view the data using ldapsearch, as root:
>   ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config

You should normally be able to view schema when bound anonymously.

For permission to change it through LDAP, maybe you should be looking
at ACLs rather than rootDN?

|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |