Andrew Findlay wrote:
On Wed, Feb 16, 2011 at 02:51:19AM -0800, Howard Chu wrote:
I also suspect that there may not be a valid password set on the cn=config suffix, so you will not be able to manage the server through LDAP either.
Since it's starting on ldapi:/// he should just do a SASL EXTERNAL bind on ldapi:// using Unix root. Pretty sure Debian packages it with the appropriate authz-regexp already configured.
I don't have a Debian Squeeze server at present so I cannot check that.
Where is this documented? I am having great trouble finding any clear description of how to actually access cn=config in the bootstrap case.
I don't know where Debian documents their bootstrap config, you'll have to ask them.
Similarly I cannot find anything that clearly describes the use of SASL EXTERNAL with ldapi.
http://tools.ietf.org/html/draft-chu-ldap-ldapi-00
If you can point me at some authoritative statements I will propose a patch for the Admin Guide.
Andrew