Re: Admin password (cn=admin,dc=config) for OpenLDAP in Debian Squeeze
On 02/02/2011 05:24 PM, Rob Owens wrote:
> On Mon, Jan 31, 2011 at 05:05:56PM +0200, Razvan Deaconescu wrote:
>> I've browsed the configuration page for slapd and it mentions that,
>> for starting from version 2.3, "The LDAP configuration engine allows all
>> of slapd's configuration options to be changed on the fly, generally
>> without requiring a server restart for the changes to take effect."
>> I'm using slapd 2.4.23-7 on a Debian Squeeze (testing). Trying to
>> configure TLS support I've found this page mentions using the
>> cn=admin,dc=config account and a password for it. What is the user and
>> password required to update the LDAP configuration database in a
>> Debian-based configuration?
> Do you have a file called /etc/libnss-ldap.secret or /etc/pam_ldap.secret?
> Sometimes the password is stored there.
Both the /etc/libnss-ldap.conf and the /etc/pam_ldap.conf files mention
that the *.secret files are to be used as password files for the LDAP
account to be used by root:
# grep -C 3 secret /etc/pam_ldap.conf
# The credentials to bind with.
# Optional: default is no credential.
# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/pam_ldap.secret (mode 600)
# The port.
I think this is only used for the client side and is not a server