[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Authentication for on the fly configuration updates in OpenLDAP 2.4

To: openldap-technical@openldap.org
Subject: Re: Authentication for on the fly configuration updates in OpenLDAP 2.4
From: Razvan Deaconescu <razvan@rosedu.org>
Date: Fri, 28 Jan 2011 19:10:26 +0200
In-reply-to: <20110128152440.GA4673@dan.olp.net>
References: <4D42D8AB.2090009@rosedu.org> <20110128152440.GA4673@dan.olp.net>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.16) Gecko/20101226 Iceowl/1.0b1 Icedove/3.0.11

On 01/28/2011 05:24 PM, Dan White wrote:
> On 28/01/11 16:54 +0200, Razvan Deaconescu wrote:
>> Hi!
>>
>> I've browsed the configuration page for slapd[1] and it mentions that,
>> for starting from version 2.3, "The LDAP configuration engine allows all
>> of slapd's configuration options to be changed on the fly, generally
>> without requiring a server restart for the changes to take effect."
>>
>> What is the user and password required to update the LDAP configuration
>> database?
>>
>> I'm using slapd 2.4.23-7 on a Debian Squeeze (testing). I've tried using
>> the admin user (cn=admin,dc=...,dc=...) and it fails. This link[2]
>> mentions using the cn=admin,dc=config account and a password found in
>> ldap.secret. I've not found that file and don't know what is the
>> password for the cn=admin,dc=config account.
> 
> Try 'slapcat -n0', and see what, if any, olcRootDN and olcRootPW settings
> you have listed under olcDatabase={0}config,cn=config. The config backend
> maintains it's own rootdn and rootpw settings.

There is only the olcRootDN setting:
---
# slapcat -n0 | grep -C 5 '^\(olcRootDN\|olcRootPW\)'
olcAccess: {0}to *  by * none
olcAddContentAcl: TRUE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=config
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig
entryUUID: ed743d3a-adc6-102f-9a18-f1967b980507
creatorsName: cn=config
---

> If those options are missing, you could try rebuilding your config from
> scratch from your own slapd.conf, by explicitly setting those options with
> this config snippet:
> 
> database        config
> rootdn          "cn=admin,dc=example,dc=org"
> rootpw          xxx
> 
> That would involve moving your existing /etc/ldap/slapd.d and /var/lib/ldap
> directories out of the way and regenerating them.

So I have to regenerate all configuration and database files?

I might have done something wrong, but it seems pretty strange that a
default Debian installation wouldn't provide the config user/password
for this.

Razvan

Follow-Ups:
- Re: Authentication for on the fly configuration updates in OpenLDAP 2.4
  - From: Dan White <dwhite@olp.net>

References:
- Authentication for on the fly configuration updates in OpenLDAP 2.4
  - From: Razvan Deaconescu <razvan@rosedu.org>
- Re: Authentication for on the fly configuration updates in OpenLDAP 2.4
  - From: Dan White <dwhite@olp.net>

Prev by Date: Re: Authentication for on the fly configuration updates in OpenLDAP 2.4
Next by Date: syncrepl don't preserve the order of the value on multivalued attribute
Index(es):
- Chronological
- Thread