Re: Quick newbie pointer - unauth ldap* commands as root on ldap master
On 15/09/11 18:18 +0100, Tim Watts wrote:
> Sorry - this will sound really dumb... For people who aren't very
> LDAP savvy, what's the cleanest way to rig an LDAP server that I have
> root access to to:
>
> allow unprompted ldap* commands (e.g. ldapmodify).
>
> GoSA has got confused creating a user and I need to manually force
> some ldif files with minor changes through...
>
> MIT Kerberos has a kadmin.local command that does not care about
> authentication because it has direct access to the database files.
>
> Is there something similar for OpenLDAP? This is a files based ldap
> server, not using SQL.
>
> I have located an ldap.secret file but am having trouble
> authenticating with its content. I'm fairly confused because LDAP
> appears to have many many ways to handle authentication...

You could use slapcat(8) to add entries.
What I prefer to do instead is use SASL EXTERNAL authentication over
ldapi:///, which allows me to use all the standard command line utilities
(e.g. ldapsearch). The following is from an older server using a
# Map the root user to the rootdn
See slapd.conf(5)/slapd-config(5). Then configure default
parameters in your ldap.conf, such as:
And set your /root/.ldaprc to:
You'll need to configure your slapd server to listen on ldapi:///, which
might be configured in your init.d startup script or, on some Linux
distributions, in /etc/default/slapd.
After doing so, I can add entries with:
ldapadd -f entries.ldif
When connecting from remote servers, I use a similar setup using SASL
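
An added illustration, not part of the original post and not OpenLDAP's own code: on Linux, the identity that SASL EXTERNAL presents over ldapi:/// comes from the kernel's record of the connecting process's uid and gid, and a mapping rule can tie only uid 0 / gid 0 to the rootdn. The rootdn `cn=admin,dc=example,dc=com`, the rule list and the function names are assumptions made for this sketch.

```python
import re
import socket
import struct

# Assumed rootdn for illustration; use the rootdn of your own suffix.
ROOTDN = "cn=admin,dc=example,dc=com"
PEERCRED_SUFFIX = "cn=peercred,cn=external,cn=auth"

# Constructed rule in the spirit of an authz-regexp mapping:
# only a peer with uid 0 and gid 0 is rewritten to the rootdn.
AUTHZ_RULES = [
    (re.compile(r"gidNumber=0\+uidNumber=0," + re.escape(PEERCRED_SUFFIX)), ROOTDN),
]


def peer_identity(conn):
    """Build the peercred identity for the process at the other end of a
    Unix socket. The uid/gid come from the kernel (SO_PEERCRED, Linux only),
    so the client cannot choose them and no password is exchanged."""
    fmt = "iII"  # struct ucred: pid_t pid, uid_t uid, gid_t gid
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize(fmt))
    _pid, uid, gid = struct.unpack(fmt, raw)
    return f"gidNumber={gid}+uidNumber={uid},{PEERCRED_SUFFIX}"


def map_authz(identity, rules=AUTHZ_RULES):
    """First rule that matches the whole identity wins. Anything else keeps
    its peercred DN and receives only what the ACLs grant that DN."""
    for pattern, target in rules:
        if pattern.fullmatch(identity):
            return target
    return identity


def demo():
    """Stand in for slapd and a local client with a connected socket pair."""
    server_side, client_side = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        identity = peer_identity(server_side)
    finally:
        server_side.close()
        client_side.close()
    return identity, map_authz(identity)


if __name__ == "__main__":
    identity, bound_as = demo()
    print("peer identity:", identity)
    print("bound as:     ", bound_as)
```

Run as an ordinary user, the identity stays a peercred DN; run as root, it maps to the assumed rootdn, which is why access to the ldapi socket and to the root account are the controls that matter in this setup.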