[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Environment variable in slapd config



--On Friday, August 16, 2019 6:10 PM +0200 Marc Roos <M.Roos@f1-outsourcing.eu> wrote:

Why use a rootpw at all?

I though I cannot get around using this when changing the log level or
acls during runtime for instance?

You can't get around having a way to write to cn=config. RedHat/CentOS and Debian and Ubuntu all provide ways to do this via connecting with the SASL/EXTERNAL mechanism over the ldapi:/// socket as the root user as a part of their default configuration for cn=config.

I.e.,

[root@c7 ~]# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config 1.1
dn: cn=config

dn: cn=schema,cn=config

dn: cn={0}core,cn=schema,cn=config

dn: cn={1}cosine,cn=schema,cn=config

dn: cn={2}inetorgperson,cn=schema,cn=config

dn: olcDatabase={-1}frontend,cn=config

dn: olcDatabase={0}config,cn=config

dn: olcDatabase={1}monitor,cn=config

dn: olcDatabase={2}hdb,cn=config

--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>