[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Why "ldapadd -x -D cn=admin, cn=config -W -f ~/sudoWork/cn\=sudo.ldif" does not work?

To: Peng Yu <pengyu.ut@gmail.com>
Subject: Re: Why "ldapadd -x -D cn=admin, cn=config -W -f ~/sudoWork/cn\=sudo.ldif" does not work?
From: Robert Heller <heller@deepsoft.com>
Date: Sat, 29 Mar 2014 14:12:25 -0400
Cc: Dan White <dwhite@olp.net>, Robert Heller <heller@deepsoft.com>, openldap-technical@openldap.org
In-reply-to: <CABrM6wk44pPEy885gY85nzYSu6vZtA9_FMg7X3-BDpN6__MYrQ@mail.gmail.com>
Organization: Deepwoods Software
References: <CABrM6wnax2Z+6URcHhE-dpetaZTqyvGZ9T0_Tm=anbJHfELZsQ@mail.gmail.com> <20140329133250.GA6039@dan.olp.net> <CABrM6wnn-JAKarE896cLkb-bnp9p8d+T3RrmHSkV0TAZqHmLiA@mail.gmail.com> <20140329161851.GA5904@dan.olp.net> <CABrM6wk44pPEy885gY85nzYSu6vZtA9_FMg7X3-BDpN6__MYrQ@mail.gmail.com>

At Sat, 29 Mar 2014 11:52:55 -0500 Peng Yu <pengyu.ut@gmail.com> wrote:

> 
> > You have no olcRootDN listed for your configuration database, which, as I
> > understand it, means you have no capability to modify your config using
> > ldapadd. For a solution, see:
> >
> > http://www.openldap.org/lists/openldap-technical/201211/msg00195.html
> 
> The above instructions seem to be dangerous as it involves direct
> editing of /etc/ldap/slapd.d. Is it the best way.

If the existing config does not have an olcRootDN entry for the config itself, 
yes, it is the only way.  Think of this as a bootstrap step.  Once you have 
directly edited the config and inserted the olcRootDN and olcRootPW entries, 
you won't need to edit it again.

> 
> Also, what is "<edit the ldif>". Does something like the following work?
> 
> https://help.ubuntu.com/13.10/serverguide/openldap-server.html
> 
> # Accesslog database definitions
> dn: olcDatabase={2}hdb,cn=config
> objectClass: olcDatabaseConfig
> objectClass: olcHdbConfig
> olcDatabase: {2}hdb
> olcDbDirectory: /var/lib/ldap/accesslog
> olcSuffix: cn=accesslog
> olcRootDN: cn=admin,dc=example,dc=com
> olcDbIndex: default eq
> olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart
> 

-- 
Robert Heller             -- 978-544-6933 / heller@deepsoft.com
Deepwoods Software        -- http://www.deepsoft.com/
()  ascii ribbon campaign -- against html e-mail
/\  www.asciiribbon.org   -- against proprietary attachments

References:
- Why "ldapadd -x -D cn=admin, cn=config -W -f ~/sudoWork/cn\=sudo.ldif" does not work?
  - From: Peng Yu <pengyu.ut@gmail.com>
- Re: Why "ldapadd -x -D cn=admin, cn=config -W -f ~/sudoWork/cn\=sudo.ldif" does not work?
  - From: Dan White <dwhite@olp.net>
- Re: Why "ldapadd -x -D cn=admin, cn=config -W -f ~/sudoWork/cn\=sudo.ldif" does not work?
  - From: Peng Yu <pengyu.ut@gmail.com>
- Re: Why "ldapadd -x -D cn=admin, cn=config -W -f ~/sudoWork/cn\=sudo.ldif" does not work?
  - From: Dan White <dwhite@olp.net>
- Re: Why "ldapadd -x -D cn=admin, cn=config -W -f ~/sudoWork/cn\=sudo.ldif" does not work?
  - From: Peng Yu <pengyu.ut@gmail.com>

Prev by Date: Re: What is the replacement for /etc/ldap.conf?
Next by Date: Re: Why "ldapadd -x -D cn=admin, cn=config -W -f ~/sudoWork/cn\=sudo.ldif" does not work?
Index(es):
- Chronological
- Thread