[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Admin password (cn=admin,dc=config) for OpenLDAP in Debian Squeeze

On 02/02/2011 05:24 PM, Rob Owens wrote:
> On Mon, Jan 31, 2011 at 05:05:56PM +0200, Razvan Deaconescu wrote:
>> Hi!
>>
>> I've browsed the configuration page for slapd[1] and it mentions that,
>> for starting from version 2.3, "The LDAP configuration engine allows all
>> of slapd's configuration options to be changed on the fly, generally
>> without requiring a server restart for the changes to take effect."
>>
>> I'm using slapd 2.4.23-7 on a Debian Squeeze (testing). Trying to
>> configure TLS support I've found this page[2] mentions using the
>> cn=admin,dc=config account and a password for it. What is the user and
>> password required to update the LDAP configuration database in a
>> Debian-based configuration?
>>
> Do you have a file called /etc/libnss-ldap.secret or /etc/pam_ldap.secret?
> Sometimes the password is stored there.

Both the /etc/libnss-ldap.conf and the /etc/pam_ldap.conf files mention
that the *.secret files are to be used as password files for the LDAP
account to be used by root:
---
# grep -C 3 secret /etc/pam_ldap.conf

# The credentials to bind with.
# Optional: default is no credential.
#bindpw secret

# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/pam_ldap.secret (mode 600)
rootbinddn cn=manager,dc=example,dc=net

# The port.
---

I think this is only used for the client side and is not a server
configuration.

Razvan
Reply to: