[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Admin user has two passwords

----- Original Message -----
> From: "Dan White" <dwhite@olp.net>
> To: "Wiebe Cazemier" <wiebe@halfgaar.net>
> Cc: "Maarten Vanraes" <maarten.vanraes@gmail.com>, openldap-technical@openldap.org
> Sent: Friday, 28 December, 2012 3:47:58 PM
> Subject: Re: Admin user has two passwords
> There is no admin user per se. There is an authentication identity
> that
> you can specify in your configuration with rootdn/olcRootDN, along
> with
> it's password, rootpw/OlcRootPW.
> Creating the same DN within your DIT may confuse things, and it is
> not
> necessary that it actually exist (unless you do not specify a
> rootpw).
> See:
> http://www.openldap.org/doc/admin24/access-control.html#Controlling%20rootdn%20access
> and the slapd.conf/slapd-config man pages.
> --
> Dan White

Does that mean that the Ubuntu docs [1] give the wrong instructions? Because in its backend.example.ldif, it makes:

olcRootDN: cn=admin,dc=example,dc=com
olcRootPW: secret

and then it loads an admin user with frontend.example.ldif:

# Admin user.
dn: cn=admin,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: secret

So what I should do is remove the admin user, and set olcRootPW (but then to a value generated with slappasswd to avoid plain text)?

[1] https://help.ubuntu.com/10.04/serverguide/openldap-server.html