Hi all,I have been getting a little confused by mismatching cn=admin DNs (there is an error on Debian Edu squeeze install currently that hints to some cn=admin + TLS problem).
mike@minobo:~/MyDocuments/4projects/debian-edu/debian-edu-config$ grep -ri cn=admin, * | grep -v svn etc/ldap/slapd-lenny_debian-edu.conf:rootdn "cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no" etc/ldap/slapd-lenny_debian-edu.conf:access to dn.base="cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no" etc/ldap/slapd-lenny_debian-edu.conf: by dn.exact="cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no" ssf=128 =wx etc/ldap/slapd-lenny_debian-edu.conf: by dn.exact="cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no" ssf=128 =w etc/ldap/slapd-lenny_debian-edu.conf:access to dn.exact="cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no" etc/ldap/slapd-debian-edu.conf:rootdn "cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no" etc/ldap/slapd-debian-edu.conf:access to dn.base="cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no" etc/ldap/slapd-debian-edu.conf: by dn.exact="cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no" ssf=128 =wx etc/ldap/slapd-debian-edu.conf: by dn.exact="cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no" ssf=128 =w etc/ldap/slapd-debian-edu.conf:access to dn.exact="cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no" etc/ldap/slapd-squeeze_debian-edu.conf:rootdn "cn=admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no" ldap-bootstrap/root.ldif:## echo -n "cn=admin,ou=aclroles,dc=skole,dc=skolelinux,dc=no" | base64 -w0 ldap-bootstrap/root.ldif:dn: cn=admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no ldap-bootstrap/root.ldif:member: cn=admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no ldap-bootstrap/root.ldif:member: cn=admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no ldap-tools/ldappasswd2:$dn = 'cn=admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no';
ldap-tools/csvparser:my $ldapadmindn = "cn=admin,o=stfk,c=no";ldap-tools/ldap-upgrade-db-fix: -D "cn=admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no" ldap-tools/barbarossa/makeldif:cat << EOF | ldapadd -x -h localhost -W -D cn=admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no ldap-tools/barbarossa/makesmbAcc:cat << EOF | ldapmodify -x -h localhost -W -D cn=admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no
ldap-tools/sitesummary2ldapdhcp:my $binddn = "cn=admin,ou=ldap-access,$base";share/debian-edu-config/tools/ldap-users.pl: member => "cn=admin,ou=ldap-access," . $g{basedn},
To my experience the default cn=admin DN (that is the LDAP master account) should be
cn=admin,<BASEDN>As we are restructuring the whole LDAP tree, we should approach common standards here as well...
However, if we leave things as they are, we should agree on one unequivocal cn=admin DN/location in the LDAP DIT.
Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419 GnuPG Key ID 0xB588399B mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
Attachment:
pgph5MJHcyk71.pgp
Description: Digitale PGP-Unterschrift