[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How to search the "config" database ?

--On Wednesday, October 26, 2005 3:00 PM +0800 "William.Zhang" <zzw_happy@yahoo.com.cn> wrote:

Dear :

i cant read it without password. i operate by the following steps:

1. edit a basic slapd.conf file, add the config database and set its
passwod, such as     database config
    rootpw "OpenLdap"

2. use ldaptest utility to convert slapd.conf into slapd.d directory.

3. start slapd and have more modifications

----------------- Regards.

--On Tuesday, October 25, 2005 10:09 AM +0200 Michael Stræder <michael@stroeder.com> wrote:

William wrote:

$ ldapsearch -x -b "cn=config" -s sub [..] result: 50 Insufficient access

You have to bind as cn=config and provide the correct password.

ldapsearch -x -D "cn=config" -b "cn=config" -s sub -W

That is not necessarily correct. You can read the cn=config database with any user that has privileges to read in it (See global ACL's). You could theoretically even give anonymous read to the cn=config database.

I was incorrect. I was thinking of the accesslog backend. You can only search the cn=config DB as its rootdn at this time (it will later allow you to search via ACL's).


Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin