Re: ldap auth does not works after openldap upgrade
Andrew Findlay wrote:
On Wed, Feb 16, 2011 at 02:51:19AM -0800, Howard Chu wrote:
>> I also suspect that there may not be a valid password set on the
>> cn=config suffix, so you will not be able to manage the server through
>> LDAP either.
>
> Since it's starting on ldapi:/// he should just do a SASL EXTERNAL
> bind on ldapi:// using Unix root. Pretty sure Debian packages it
> with the appropriate authz-regexp already configured.
I don't have a Debian Squeeze server at present so I cannot
check that.
Where is this documented? I am having great trouble finding
any clear description of how to actually access cn=config in
the bootstrap case.
I don't know where Debian documents their bootstrap config, you'll have to ask
them.
Similarly I cannot find anything that
clearly describes the use of SASL EXTERNAL with ldapi.
http://tools.ietf.org/html/draft-chu-ldap-ldapi-00
If you can point me at some authoritative statements I will
propose a patch for the Admin Guide.
Andrew
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/