m h wrote:
> So my next question is how to migrate the rootdn from slapd.conf into the database? Seems like a chicken and egg problem.
You set rootdn and rootpw in slapd.conf. Then you create the base DIT (entry for suffix) and a real entry for the rootdn. After that you remove the rootpw from slapd.conf. You can set the userPassword attribute via LDAP then.
> (Perhaps I'm not searching for the right terms on Google. The example from 7.1 here [1], shows what appears to be a rootdn entry (dn: cn=Manager,dc=example,dc=com), but I can't set the userPasswd because it is not a person.)
You mean this example from the 2.2 Admin Guide?
# Organizational Role for Directory Manager
dn: cn=Manager,dc=example,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager
Seems to be a documentation bug. Add AUXILIARY object class simpleSecurityObject to the entry:
# Organizational Role for Directory Manager
dn: cn=Manager,dc=example,dc=com
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: Manager
description: Directory Manager
userPassword: secret
Ciao, Michael.