Re: How to search the "config" database ?

[Quanah Gibson-Mount <quanah@stanford.edu>]

--On Wednesday, October 26, 2005 3:00 PM +0800 "William.Zhang" 
<zzw_happy@yahoo.com.cn> wrote:

> Dear :
>
> i cant read it without password. i operate by the following steps:
>
> 1. edit a basic slapd.conf file, add the config database and set its
> passwod, such as     database config
>     rootpw "OpenLdap"
>
> 2. use ldaptest utility to convert slapd.conf into slapd.d directory.
>
> 3. start slapd and have more modifications
>
>
> -----------------
> Regards.
>
> > --On Tuesday, October 25, 2005 10:09 AM +0200 Michael Stræder
> > <michael@stroeder.com> wrote:
> >
> > > William wrote:
> > > > $ ldapsearch -x  -b "cn=config" -s sub
> > > > [..]
> > > > result: 50 Insufficient access
> > >
> > > You have to bind as cn=config and provide the correct password.
> > >
> > > ldapsearch -x -D "cn=config" -b "cn=config" -s sub -W
> >
> > That is not necessarily correct.  You can read the cn=config database
> > with  any user that has privileges to read in it (See global ACL's).
> > You could  theoretically even give anonymous read to the cn=config
> > database.

I was incorrect.  I was thinking of the accesslog backend.  You can only 
search the cn=config DB as its rootdn at this time (it will later allow you 
to search via ACL's).

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin