[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap auth does not works after openldap upgrade

On Wed, Feb 16, 2011 at 08:09:55AM -0800, Quanah Gibson-Mount wrote:

> >Where is this documented? I am having great trouble finding
> >any clear description of how to actually access cn=config in
> >the bootstrap case. Similarly I cannot find anything that
> >clearly describes the use of SASL EXTERNAL with ldapi.
> >
> >If you can point me at some authoritative statements I will
> >propose a patch for the Admin Guide.
> Why?  This is something Debian/Ubuntu chose to do for configuring
> the cn=config backend, not the OpenLDAP project.  It should be
> something clearly documented by those projects.  If you take the
> time to read the Ubuntu 10.04 LDAP guides, I know it is correctly
> documented there as it should be.

This is not a Debian-specific issue. The OpenLDAP project is promoting
the use of cn=config in place of slapd.conf yet when I look in the Admin
Guide I find that there is not enough information to use it properly.

There are two separate issues:

(1)	Getting a good initial config so that slapd can be managed
	through cn=config
	This is fairly well covered, with a few areas that need tidying up.
	I have proposed a couple of changes.

(2)	Using ldapi: - particularly with SASL EXTERNAL, which is
	almost essential if you want to do a file-free bootstrap.

I am willing to help write the docs, but I am having trouble finding
authoritative descriptions of how ldapi: behaves and should be used. I
am sure there is useful info in the list archives somewhere - I just
have not found it yet. Maybe I should use Ubuntu as the primary source?

|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |