
Re: fresh (distro's) installation and cn=config password



(Copy for the list)
>>> Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> wrote on 24.01.2017 at 13:19
in message <58875475.ED38.00A1.0@rz.uni-regensburg.de>:
>>>> lejeczek <peljasz@yahoo.co.uk> wrote on 23.01.2017 at 17:59 in message
> <ff479edd-d352-2357-9275-9a66ed520be0@yahoo.co.uk>:
> > Hi everybody,
> > this must be one of the most ancient questions - but 
> > browsing (CentOS') local docs reveals nothing.
> > I'd imagine passwords are the first & most important thing 
> > everybody does to make sure slapd is secured, something like 
> > "mysql_secure_installation"
> > 
> > I'm trying to do something I'd think is simple and should 
> > just work, but, I'm wrong, so I do:
> > 
> > slapadd -v -n0 <<EOL
> > dn: olcDatabase={0}config,cn=config
> > objectClass: olcDatabaseConfig
> > olcDatabase: {0}config
> > 
> > olcRootDN: cn=admin,cn=config
> > olcRootPW:: exxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> > 
> > EOL
> > 
> > and I get in return:
> > slapadd: could not add entry 
> > dn="olcDatabase={0}config,cn=config" (line=1): autocreation 
> > of "olcDatabase={-1}frontend" failed
> 
> What about:
> dn: cn=config
> objectClass: olcGlobal
> cn: config
> [...]
> dn: cn=schema,cn=config
> objectClass: olcSchemaConfig
> cn: schema
> [...]
> dn: olcDatabase={-1}frontend,cn=config
> objectClass: olcDatabaseConfig
> olcAccess: ...
> [...]
> dn: olcDatabase={0}config,cn=config
> objectClass: olcDatabaseConfig
> olcDatabase: {0}config
> olcAccess: ...
> [...]
> olcRootDN: cn=config
> olcRootPW: {SSHA}...
> 
> Regards,
> Ulrich
> 
> > 
> > So that question - how does one secure an LDAP installation?
> > But I'd insist on not referring to something like "slaptest and 
> > convert old school to ..." or .. edit config file(s)
> > What I think is - I have a clean installation which is 
> > configured in probably the best possible way but missing is: 
> > olcRootDN, olcRootPW
> > How to use slapadd for it? Is slapadd not the right tool for 
> > this?
> > 
> > many thanks,
> > L.
> 
> 
> 
>