Hi,
I've been trying to script database creation via cn=config. Creating the HDB database works fine, but when I try to add the LDIF for the root node, I get:

# ldapadd -YEXTERNAL -H ldapi:/// -f ./bootstrap.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "dc=app,dc=example,dc=com"
ldap_add: Insufficient access (50)
        additional info: no write access to parent

... which is understandable. However, I would prefer not to set a temporary rootpw for the database. Is there any way around that?
I considered Proxy authorization, but the root DN for the database I'm creating is in the LDIF I'm trying to add.
/Peter
PS: As you can probably see, all access goes through SASL EXTERNAL. UNIX root maps to cn=config via ldapi:///, remote access uses x509 certificates.