[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Authentication for on the fly configuration updates in OpenLDAP 2.4



On 28/01/11 16:54 +0200, Razvan Deaconescu wrote:
Hi!

I've browsed the configuration page for slapd[1] and it mentions that,
for starting from version 2.3, "The LDAP configuration engine allows all
of slapd's configuration options to be changed on the fly, generally
without requiring a server restart for the changes to take effect."

What is the user and password required to update the LDAP configuration
database?

I'm using slapd 2.4.23-7 on a Debian Squeeze (testing). I've tried using
the admin user (cn=admin,dc=...,dc=...) and it fails. This link[2]
mentions using the cn=admin,dc=config account and a password found in
ldap.secret. I've not found that file and don't know what is the
password for the cn=admin,dc=config account.

Try 'slapcat -n0', and see what, if any, olcRootDN and olcRootPW settings
you have listed under olcDatabase={0}config,cn=config. The config backend
maintains it's own rootdn and rootpw settings.

If those options are missing, you could try rebuilding your config from
scratch from your own slapd.conf, by explicitly setting those options with
this config snippet:

database        config
rootdn          "cn=admin,dc=example,dc=org"
rootpw          xxx

That would involve moving your existing /etc/ldap/slapd.d and /var/lib/ldap
directories out of the way and regenerating them.

Another option might be to stop slapd, and manually edit the
/etc/ldap/slapd.d/cn=config/olcDatabase\=\{0\}config.ldif file to add those
options, but I believe that approach is considered unsupported.

--
Dan White