Hi Igor,

On Tue, Jan 06, 2015 at 01:56:23PM +0100, Igor Shmukler wrote:
> I install the server with aptitude and have LDIFs to change the root password and suffix.
You might consider preseeding those prior to installation, using debconf-set-selections(1). If you do want to reconfigure the suffix after installation, dpkg-reconfigure(8) is a safe way to do that.
In particular, if you do this:
    dn: olcDatabase={1}hdb,cn=config
    changetype: modify
    replace: olcSuffix
    olcSuffix: dc=example,dc=com
and start loading new data into the existing database without deleting the old files first, you risk running into https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546368 .
> The olcAccess is the part that is not working as I expected. My LDIF runs just fine changing the name, and domain suffix. Yet, after the operation is complete, ldapsearch(1) starts returning errors. When the suffix was nodomain [default left by the install] searches worked.
Please provide an example ldapsearch(1) command and its output, and the access rules currently in use (as per ldapsearch/slapcat of cn=config). I don't see anything obviously wrong in what you posted.
> olcAccess: {2}to * by self write by dn="cn=admin,dc=example,dc=com" write by * read
Consider the 'by self write' part of that carefully. You may not want users modifying their own uidNumber and gidNumber, for example. (Newer versions of the package stopped including 'by self write' in the default ACL because of that.)
hope that helps,
Ryan
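Added example, not part of the original message or of the Debian package: a small audit for the 'by self write' concern raised above, which parses olcAccess values and reports rules that give "self" write access without an attrs= restriction. Rule {2} is the one quoted in the thread; rules {0} and {1}, the tightened variant and the function names are constructed for illustration.

```python
import re
import shlex

# Access levels from slapd.access(5), lowest to highest privilege.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

def parse_olc_access(value):
    """Return (index, what_tokens, [(who, level), ...]) for one olcAccess value."""
    value = value.strip()
    m = re.match(r"\{(\d+)\}", value)
    index = int(m.group(1)) if m else None
    # shlex keeps a quoted DN as a single token, even if it contains spaces.
    tokens = shlex.split(value[m.end():] if m else value)
    if len(tokens) < 2 or tokens[0] != "to":
        raise ValueError("not an olcAccess value: %r" % value)
    what, clauses, current = [], [], None
    for tok in tokens[1:]:
        if tok == "by":
            current = []
            clauses.append(current)
        elif current is None:
            what.append(tok)
        else:
            current.append(tok)
    # Only the "<who> <level>" form is handled; privilege strings such as
    # "=rw" are returned as-is and skipped by the check below.
    return index, what, [(c[0], c[1]) for c in clauses if len(c) >= 2]

def self_write_findings(values):
    """Indexes of rules that let 'self' write with no attrs= limit on the target."""
    hits = []
    for value in values:
        index, what, clauses = parse_olc_access(value)
        limited = any(t.startswith("attrs=") for t in what)
        for who, level in clauses:
            if (who == "self" and level in LEVELS and not limited
                    and LEVELS.index(level) >= LEVELS.index("write")):
                hits.append(index)
    return hits

# Constructed sample: {2} is the rule quoted in the thread, the rest are made up.
SAMPLE = [
    "{0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by * none",
    '{1}to dn.base="" by * read',
    '{2}to * by self write by dn="cn=admin,dc=example,dc=com" write by * read',
]
# Constructed variant of {2} with the 'by self write' clause dropped.
TIGHTENED = SAMPLE[:2] + ['{2}to * by dn="cn=admin,dc=example,dc=com" write by * read']

if __name__ == "__main__":
    print("flagged in sample:", self_write_findings(SAMPLE))
    print("flagged after tightening:", self_write_findings(TIGHTENED))
```

The values can be taken from the olcAccess lines of a slapcat or ldapsearch dump of cn=config, one value per list element with any LDIF line folding undone first.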