[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ldap auth does not works after openldap upgrade
On Wed, Feb 16, 2011 at 08:09:55AM -0800, Quanah Gibson-Mount wrote:
> >Where is this documented? I am having great trouble finding
> >any clear description of how to actually access cn=config in
> >the bootstrap case. Similarly I cannot find anything that
> >clearly describes the use of SASL EXTERNAL with ldapi.
> >
> >If you can point me at some authoritative statements I will
> >propose a patch for the Admin Guide.
>
> Why? This is something Debian/Ubuntu chose to do for configuring
> the cn=config backend, not the OpenLDAP project. It should be
> something clearly documented by those projects. If you take the
> time to read the Ubuntu 10.04 LDAP guides, I know it is correctly
> documented there as it should be.
This is not a Debian-specific issue. The OpenLDAP project is promoting
the use of cn=config in place of slapd.conf yet when I look in the Admin
Guide I find that there is not enough information to use it properly.
There are two separate issues:
(1) Getting a good initial config so that slapd can be managed
through cn=config
This is fairly well covered, with a few areas that need tidying up.
I have proposed a couple of changes.
(2) Using ldapi: - particularly with SASL EXTERNAL, which is
almost essential if you want to do a file-free bootstrap.
I am willing to help write the docs, but I am having trouble finding
authoritative descriptions of how ldapi: behaves and should be used. I
am sure there is useful info in the list archives somewhere - I just
have not found it yet. Maybe I should use Ubuntu as the primary source?
Andrew
--
-----------------------------------------------------------------------
| From Andrew Findlay, Skills 1st Ltd |
| Consultant in large-scale systems, networks, and directory services |
| http://www.skills-1st.co.uk/ +44 1628 782565 |
-----------------------------------------------------------------------