m h wrote:
> So my next
> question is how to migrate the rootdn from slapd.conf into the
> database? Seems like a chicken and egg problem.
You set rootdn and rootpw in slapd.conf. Then you create the base DIT
(entry for suffix) and a real entry for the rootdn. After that you
remove the rootpw from slapd.conf. You can set the userPassword
attribute via LDAP then.
> (Perhaps I'm not searching for the right terms on google. The example
> from 7.1 here [1], shows what appears to be a rootdn entry (dn:
> cn=Manager,dc=example,dc=com), but I can't set the userPasswd because
> it is not a person.)
You mean this example from the 2.2 Admin Guide?
# Organizational Role for Directory Manager
dn: cn=Manager,dc=example,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager
Seems to be a documentation bug. Add AUXILIARY object class
simpleSecurityObject to the entry:
# Organizational Role for Directory Manager
dn: cn=Manager,dc=example,dc=com
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: Manager
description: Directory Manager
userPassword: secret
Ciao, Michael.