[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Openldap 2.4 and the cn=config directory

To: "Mike Johnston" <mkejohnston@yahoo.com>, <openldap-software@openldap.org>
Subject: RE: Openldap 2.4 and the cn=config directory
From: "Antonio Alonso" <antonio.alonso@ericsson.com>
Date: Fri, 25 Apr 2008 15:37:38 +0200
Content-class: urn:content-classes:message
In-reply-to: <377532.69578.qm@web63815.mail.re1.yahoo.com>
References: <48112235.2010208@symas.com> <377532.69578.qm@web63815.mail.re1.yahoo.com>
Thread-index: Acim1qrxIEG0mnzoSXuKbGEDJdwwEgAAEVKQ
Thread-topic: Openldap 2.4 and the cn=config directory

Hi !

In your "slapd.conf" you need to define a rootDN in the "database config" section:

----------------------------------------------------------------------------

database   config
#---
# rootdn can always read and write EVERYTHING!
#---
rootdn     "cn=manager,cn=config"
rootpw     secret

-----------------------------------------------------------------------------

Binding with these credential you an access (read, modify) the "cn=config" database

BR / Antonio

From: openldap-software-bounces+antonio.alonso=ericsson.com@OpenLDAP.org [mailto:openldap-software-bounces+antonio.alonso=ericsson.com@OpenLDAP.org] On Behalf Of Mike Johnston
Sent: viernes, 25 de abril de 2008 12:27
To: openldap-software@openldap.org
Subject: Re: Openldap 2.4 and the cn=config directory

Ah, makes perfect sense. I should be able to bind to cn=config and make standard LDAP searches and modifications while slapd is running correct?

If so, can someone provide a sample bind string and olcDatabase file for the cn=config? I can't seem to bind to the cn=config to make my modifications.

BTW, I can bind with no problems to my LDAP database in hdb.

TIA,
Mike
Howard Chu <hyc@symas.com> wrote:

Mike Johnston wrote:
> Hi,
> I used -f & -F options to build my cn=config from my slapd.conf file.
> Everything works however, I see a directory tree created and I got the
> impression from the Openldap 2.4 admin manual first page Chap 5 "the new
> style uses a slapd backend database to store the config". I assumed it
> meant a bdb/hdb backend database not an actual disk directory tree.

Obviously a poor assumption.

> Can it use a hdb/bdb for the cn=config store?

No. Currently it is hardcoded to use back-ldif. While it may be possible to
use different backends in the future, it's unlikely that back-bdb/hdb will
ever be candidates for that purpose, since they require fairly complex
configurations themselves. I.e., to avoid the chicken-and-egg problem of where
to get the configuration info for the underlying backend, only extremely
simple backends are suitable here.

--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/

Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.

Follow-Ups:
- RE: Openldap 2.4 and the cn=config directory
  - From: Mike Johnston <mkejohnston@yahoo.com>

References:
- Re: Openldap 2.4 and the cn=config directory
  - From: Howard Chu <hyc@symas.com>
- Re: Openldap 2.4 and the cn=config directory
  - From: Mike Johnston <mkejohnston@yahoo.com>

Prev by Date: Re: Openldap 2.4 and the cn=config directory
Next by Date: RE: Openldap 2.4 and the cn=config directory
Index(es):
- Chronological
- Thread