
Re: Salted passwords, further clarification please



m h wrote:
> So my next
> question is how to migrate the rootdn from slapd.conf into the
> database?  Seems like a chicken and egg problem.

You set rootdn and rootpw in slapd.conf. Then you create the base DIT
(entry for suffix) and a real entry for the rootdn. After that you
remove the rootpw from slapd.conf. You can set the userPassword
attribute via LDAP then.

> (Perhaps I'm not searching for the right terms on google.  The example
> from 7.1 here [1], shows what appears to be a rootdn entry (dn:
> cn=Manager,dc=example,dc=com), but I can't set the userPasswd because
> it is not a person.)

You mean this example from the 2.2 Admin Guide?

        # Organizational Role for Directory Manager
        dn: cn=Manager,dc=example,dc=com
        objectClass: organizationalRole
        cn: Manager
        description: Directory Manager

Seems to be a documentation bug. Add AUXILIARY object class
simpleSecurityObject to the entry:

        # Organizational Role for Directory Manager
        dn: cn=Manager,dc=example,dc=com
        objectClass: organizationalRole
        objectClass: simpleSecurityObject
        cn: Manager
        description: Directory Manager
        userPassword: secret

Ciao, Michael.