Re: LDAP browsers and cn=config
Hi Torsten,
Thanks for your help!
On 07/03/11 17:37, Torsten Schlabach (Tascel eG) wrote:
> Take a look at the olcAccess attribute values of your cn=config database.
> This should tell you who's allowed to read it or not.
I did add a value to try and make this work (see below), but perhaps I
haven't done all that's necessary.
> It depends where your cn=config data comes from, but in many examples you
> will find an olcAccess attribute granting write access to a DN called
> cn=admin,cn=config. You need to have that object in your cn=config database
> then and it should have the password attribute set.
> Post the olcAccess sections of your LDIF here, I think this may help.
Here is my olcDatabase={0}config.ldif, with some comments:
dn: olcDatabase={0}config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth manage by * break
# This one added by me recently:
olcAccess: {0}to * by dn.exact=cn=admin,cn=config manage by * break
structuralObjectClass: olcDatabaseConfig
entryUUID: 9dfea13e-dd1c-102f-8cc4-2fe95e0d0dbe
creatorsName: cn=config
createTimestamp: 20110307153755Z
entryCSN: 20110307153755.993390Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20110307153755Z
# These two added by me recently:
oldRootDN: cn=admin,cn=config
olcRootPW: config
So it looks like I just need to make sure I have the cn=admin,cn=config
object in my database. And I think I can probably add it using the magic
-Y EXTERNAL method and ldapadd. However, I don't know how to construct
it - what objectClass should it have?
Gerv
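
A small lint for an entry like the one posted above, as an added example that is not part of the original message or of OpenLDAP: it unfolds LDIF continuation lines and reports attribute names without the `olc` prefix, an `olcRootPW` value that carries no `{SCHEME}` hash prefix, and `olcAccess` values that share an ordering prefix. The function names, the `NON_OLC` allow-list and the sample text are assumptions made for the example.

```python
import base64
import re
from collections import Counter

# Constructed sample modelled on the entry posted above (operational attributes omitted).
SAMPLE = """\
dn: olcDatabase={0}config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth manage by * break
olcAccess: {0}to * by dn.exact=cn=admin,cn=config manage by * break
oldRootDN: cn=admin,cn=config
olcRootPW: config
"""

# Assumption (heuristic): names outside this set are expected to carry the "olc" prefix.
NON_OLC = {"dn", "cn", "objectClass", "structuralObjectClass", "entryUUID", "creatorsName",
           "createTimestamp", "entryCSN", "modifiersName", "modifyTimestamp"}

def unfold(text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw:
            lines.append(raw)
    return [line for line in lines if not line.startswith("#")]

def lint(text):
    """Return a list of findings for one cn=config database entry."""
    findings, prefixes = [], Counter()
    for line in unfold(text):
        name, _, value = line.partition(":")
        if value.startswith(":"):  # "attr:: ..." carries a base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        value = value.strip()
        if name not in NON_OLC and not name.startswith("olc"):
            findings.append(f"unexpected attribute name: {name}")
        if name == "olcRootPW" and not re.match(r"\{[A-Za-z0-9-]+\}", value):
            findings.append("olcRootPW is stored in cleartext")
        m = re.match(r"\{(\d+)\}", value) if name == "olcAccess" else None
        if m:
            prefixes[m.group(1)] += 1
    findings += [f"olcAccess ordering prefix {{{p}}} used {c} times"
                 for p, c in prefixes.items() if c > 1]
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```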