
Re: Creating database, catch-22



Peter Mogensen wrote:
Hi,

I've been trying to script database creation via cn=config.
Creating the HDB database works fine, but when I try to add the LDIF for the root node, I get:

# ldapadd -YEXTERNAL -H ldapi:/// -f ./bootstrap.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "dc=app,dc=example,dc=com"
ldap_add: Insufficient access (50)
        additional info: no write access to parent


... which is understandable. However, I would prefer not to set a temporary rootpw for the database. Is there any way around that?

I considered Proxy authorization, but the root DN for the database I'm creating is in the LDIF I'm trying to add.

/Peter

PS: As you can probably see, all access goes through SASL EXTERNAL. UNIX root maps to cn=config via ldapi:/// , remote access uses x509 certificates.

Add an ACL (either global, if there aren't any in that database, or local) that allows the identity you trust to write to that database.

p.
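
One way to write the ACL suggested in the reply, as an added example that is not part of the original thread. The database DN `olcDatabase={1}hdb,cn=config` is an assumption (the index depends on the local configuration); the identity DN is the SASL username shown in the ldapadd output above.

```ldif
# Added example, not from the original thread.
# Assumption: the newly created database is olcDatabase={1}hdb,cn=config.
# Look up the real index under cn=config before applying this.
#
# The rule is inserted at position {0}, so it is evaluated first.
# The DN is the SASL EXTERNAL identity that ldapi:/// gives UNIX root.
# "by * break" passes every other identity on to the rules that follow,
# so existing local or global ACLs keep deciding their access.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to *
  by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" write
  by * break
```

Apply it with ldapmodify over the same `-Y EXTERNAL -H ldapi:///` connection before loading bootstrap.ldif. If no ACLs were defined anywhere before, slapd's default of read access for everyone stops applying once this rule exists, so add whatever read rules the directory needs.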