andrew.findlay@skills-1st.co.uk wrote:
On Wed, Feb 16, 2011 at 11:50:21AM +0000, Andrew Findlay wrote:
Admin Guide Section 5.4. "Converting old style slapd.conf(5) file to cn=config format" suggests that it is enough to run a slapd tool with both -f and -F options to perform this conversion. While strictly true, this will almost certainly result in an un-manageable server because there is no rootPW set for cn=config.
The attached patch provides guidance to avoid this trap.
It would also be useful to copy the config database clause from slapd-config(5) into the example in the Admin Guide:
# set a rootpw for the config database so we can bind. # deny access to everyone else. dn: olcDatabase=config,cn=config objectClass: olcDatabaseConfig olcDatabase: config olcRootPW: {SSHA}XKYnrjvGT3wZFQrDD5040US592LxsdLy olcAccess: to * by * none
That ACL is already the default. In an isolated example there's no need to specify it. (It is present in the slapd-config(5) example to ensure that it takes precedence over the olcFrontendConfig ACLs immediately above it.)