
Admin password (cn=admin,dc=config) for OpenLDAP in Debian Squeeze



Hi!

I've browsed the configuration page for slapd[1] and it mentions that,
starting from version 2.3, "The LDAP configuration engine allows all
of slapd's configuration options to be changed on the fly, generally
without requiring a server restart for the changes to take effect."

I'm using slapd 2.4.23-7 on a Debian Squeeze (testing). Trying to
configure TLS support, I've found that this page[2] mentions using the
cn=admin,dc=config account and a password for it. What is the user and
password required to update the LDAP configuration database in a
Debian-based configuration?

I found out the password should be stored as olcRootPW in the
olcDatabase={0}config. However, the default configuration lacks this
password:

---
# slapcat -n0 | grep -C 5 '^\(olcRootDN\|olcRootPW\)'
olcAccess: {0}to *  by * none
olcAddContentAcl: TRUE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=config
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig
entryUUID: ed743d3a-adc6-102f-9a18-f1967b980507
creatorsName: cn=config
---

I found the easiest way was to add an olcRootPW option to the
olcDatabase={0}config file (password generated using slappasswd) and
then restart the server. However, manually editing these files is
discouraged, but I didn't find a better way.

How should this be handled? Is there a specialized way of configuring
the above-mentioned password?

Razvan

[1] http://www.openldap.org/doc/admin24/slapdconf2.html
[2] http://ilostmynotes.blogspot.com/2009/04/openldap-24-and-tls.html
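
The check done by hand above with `slapcat -n0 | grep`, as an added example that is not part of the original post: it parses LDIF in the shape `slapcat -n0` emits (folded lines, base64 `attr::` values) and reports, for each database entry with an olcRootDN, whether olcRootPW is absent, stored with a `{SCHEME}` prefix as slappasswd produces, or stored in the clear. The function names, status labels and sample entries are constructed for illustration.

```python
import base64
import re

# Constructed sample shaped like `slapcat -n0` output; not taken from a real server.
SAMPLE = """\
dn: olcDatabase={0}config,cn=config
olcAccess: {0}to *  by * none
olcRootDN: cn=config

dn: olcDatabase={1}hdb,cn=config
olcRootDN: cn=admin,dc=example,dc=org
olcRootPW:: @B64@

dn: olcDatabase={2}hdb,cn=config
olcRootDN: cn=admin,dc=example,
 dc=net
olcRootPW: secret
""".replace("@B64@", base64.b64encode(b"{SSHA}constructed-not-a-real-hash").decode())

def parse_ldif(text):
    """Yield one {attr: [values]} dict per LDIF entry."""
    unfolded = re.sub(r"\n ", "", text)  # a leading space continues the previous line
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: value" means the value is base64
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            entry.setdefault(attr, []).append(value)
        yield entry

def audit_rootpw(text):
    """Return {dn: status} for every entry that defines olcRootDN."""
    report = {}
    for entry in parse_ldif(text):
        if "olcRootDN" not in entry:
            continue
        pw = (entry.get("olcRootPW") or [""])[0]
        scheme = re.match(r"\{([A-Za-z0-9_-]+)\}", pw)
        if not pw:
            status = "no-rootpw"   # nothing stored for this rootDN in the config
        elif scheme and scheme.group(1).upper() != "CLEARTEXT":
            status = "hashed"      # {SSHA}, {CRYPT}, ... as slappasswd emits
        else:
            status = "cleartext"   # readable by anyone who can read the config files
        report[entry["dn"][0]] = status
    return report
```

To run it against a live server, pass the output of `slapcat -n0` (run as root) to `audit_rootpw` as a string.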
