[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Environment variable in slapd config

To: Marc Roos <M.Roos@f1-outsourcing.eu>
Subject: RE: Environment variable in slapd config
From: Quanah Gibson-Mount <quanah@symas.com>
Date: Fri, 16 Aug 2019 08:18:37 -0700
Cc: openldap-technical <openldap-technical@openldap.org>
Content-disposition: inline
In-reply-to: <"H00000710014c392.1565968247.sx.f1-outsourcing.eu*"@MHS>
References: <"H00000710014c392.1565968247.sx.f1-outsourcing.eu*"@MHS>

--On Friday, August 16, 2019 6:10 PM +0200 Marc Roos<M.Roos@f1-outsourcing.eu> wrote:

Why use a rootpw at all?


I though I cannot get around using this when changing the log level or
acls during runtime for instance?

You can't get around having a way to write to cn=config. RedHat/CentOS andDebian and Ubuntu all provide ways to do this via connecting with theSASL/EXTERNAL mechanism over the ldapi:/// socket as the root user as apart of their default configuration for cn=config.


I.e.,

[root@c7 ~]# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config 1.1
dn: cn=config

dn: cn=schema,cn=config

dn: cn={0}core,cn=schema,cn=config

dn: cn={1}cosine,cn=schema,cn=config

dn: cn={2}inetorgperson,cn=schema,cn=config

dn: olcDatabase={-1}frontend,cn=config

dn: olcDatabase={0}config,cn=config

dn: olcDatabase={1}monitor,cn=config

dn: olcDatabase={2}hdb,cn=config

--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

References:
- RE: Environment variable in slapd config
  - From: "Marc Roos" <M.Roos@f1-outsourcing.eu>

Prev by Date: RE: Environment variable in slapd config
Next by Date: Fresh install changing the hdb to mdb
Index(es):
- Chronological
- Thread