LDAP browsers and cn=config

[Gervase Markham <gerv@mozilla.org>]

How does one use an LDAP browser to view and change the cn=config config?

I am using the OpenLDAP 2.4.23 package from Ubuntu 10.10, and have been 
using both "luma" and more recently ApacheDS. I have tried an enormous 
number of ways all afternoon, but feel I'm stumbling in the dark. Do I 
have to use a special bind DN and password, or should the RootDN and 
password for my normal data do? If it's special, what is it? Where is it 
configured?

I can view the data using ldapsearch, as root:

  ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config

I've tried adding an olcRootPW and olcRootDN manually to the cn=config 
LDIF file (/etc/ldap/slapd.d/cn=config/olcDatabase={0}config.ldif) but 
when I start slapd up again and do the command-line search it seems to 
have noticed the password but not the RootDN :-(

The magic way of getting at it (-Y EXTERNAL) given above, which works 
only for root, doesn't translate well into filling in boxes in an LDAP 
browser config. (I tried running the LDAP browser as root and binding 
anonymously - I could see all my data, but still not cn=config.)

The slapd-config man page has lots of info about what to change, but 
nothing about how to change it.

I've searched the web for hours, and tried to find it in the Admin 
Guide, but no luck.

Any help would be very much appreciated! :-)

Gerv