Got it! I read that you could have whatever you wanted as a rootdn for config as long as it was under "cn=config". My disconnect was I made my rootdn = 'cn=admin, dc=config" not "cn=admin, cn=config". Using dc, openldap rightly looks for the suffix specified however you don't specify a suffix for config. Doh!
Many thanks
Antonio Alonso <antonio.alonso@ericsson.com> wrote:
Hi !In your "slapd.conf" you need to define a rootDN in the "database config" section:----------------------------------------------------------------------------database config
#---
# rootdn can always read and write EVERYTHING!
#---
rootdn "cn=manager,cn=config"
rootpw secret-----------------------------------------------------------------------------Binding with these credential you an access (read, modify) the "cn=config" databaseBR / Antonio
Ah, makes perfect sense. I should be able to bind to cn=config and make standard LDAP searches and modifications while slapd is running correct?
From: openldap-software-bounces+antonio.alonso=ericsson.com@OpenLDAP.org [mailto:openldap-software-bounces+antonio.alonso=ericsson.com@OpenLDAP.org] On Behalf Of Mike Johnston
Sent: viernes, 25 de abril de 2008 12:27
To: openldap-software@openldap.org
Subject: Re: Openldap 2.4 and the cn=config directory
If so, can someone provide a sample bind string and olcDatabase file for the cn=config? I can't seem to bind to the cn=config to make my modifications.
BTW, I can bind with no problems to my LDAP database in hdb.
TIA,
Mike
Howard Chu <hyc@symas.com> wrote:Mike Johnston wrote:
> Hi,
> I used -f & -F options to build my cn=config from my slapd.conf file.
> Everything works however, I see a directory tree created and I got the
> impression from the Openldap 2.4 admin manual first page Chap 5 "the new
> style uses a slapd backend database to store the config". I assumed it
> meant a bdb/hdb backend database not an actual disk directory tree.
Obviously a poor assumption.
> Can it use a hdb/bdb for the cn=config store?
No. Currently it is hardcoded to use back-ldif. While it may be possible to
use different backends in the future, it's unlikely that back-bdb/hdb will
ever be candidates for that purpose, since they require fairly complex
configurations themselves. I.e., to avoid the chicken-and-egg problem of where
to get the configuration info for the underlying backend, only extremely
simple backends are suitable here.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.