Hi list,
I have migrated my OpenLDAP installation from 2.3 (CentOS 5) to 2.4.40 (CentOS 7). So far so good, the server is working, but then I found myself systematically denied when I tried to adjust the log level (or anything else, in fact). In my olcDatabase={0}config.ldif I see that I don't have an olcRootPW set for the olcRootDN of this DB (I guess I made an error with my slapd.conf used for the migration with slaptest). The production DB (on mdb, I hope it is stable enough with the CentOS 7 shipped version btw) is running fine and has an olcRootPW set and working.

# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 07bfeb05
dn: olcDatabase={0}config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by * none
olcAddContentAcl: TRUE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=config
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig

If I try to just read the log level with:

root@ldap /etc/openldap # ldapsearch -x -H ldaps://ldap.mydomain -b 'cn=config' -D 'cn=config' -s base -LLL -W olcLoglevel
Enter LDAP Password:
ldap_bind: Server is unwilling to perform (53)
        additional info: unauthenticated bind (DN with no password) disallowed

(and I don't have any password to feed it)

Or:

root@ldap /etc/openldap # ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1

My question is, and if it is indeed my problem, how can I add an olcRootPW to the config database, if it's possible at all?
Thank you, kfx
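
An added example, not part of the original post: a small Python audit of the on-disk olcDatabase={0}config.ldif that reports why both attempts above are refused (no olcRootPW for the rootDN, and no olcAccess rule naming the ldapi:/// peercred identity shown in the EXTERNAL output). The finding names and function names are hypothetical, and the ACL check is a simple substring match, not a full ACL evaluator.

```python
import re

# The olcDatabase={0}config.ldif quoted in the post (trimmed), embedded as sample input.
SAMPLE = """\
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 07bfeb05
dn: olcDatabase={0}config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by * none
olcRootDN: cn=config
"""

# Identity slapd assigns to local root over ldapi:/// with SASL EXTERNAL (from the post).
PEERCRED_ROOT = "gidnumber=0+uidnumber=0,cn=peercred,cn=external,cn=auth"

def parse_ldif_entry(text):
    """Return {attr_lower: [values]} for one LDIF entry, unfolding continuation lines."""
    logical = []
    for line in text.splitlines():
        if line.startswith("#") or not line.strip():
            continue                      # skip comments and blank lines
        if line.startswith(" ") and logical:
            logical[-1] += line[1:]       # LDIF folded line: append to previous
        else:
            logical.append(line)
    attrs = {}
    for line in logical:
        name, _, value = line.partition(":")
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs

def audit_config_db(text):
    """Return a list of findings (hypothetical labels) for the cn=config database."""
    attrs = parse_ldif_entry(text)
    findings = []
    # A rootDN without olcRootPW cannot complete a simple bind with a password.
    if "olcrootdn" in attrs and "olcrootpw" not in attrs:
        findings.append("no-rootpw")
    # Strip the {n} ordering prefix, then look for a rule mentioning the peercred DN.
    acls = [re.sub(r"^\{\d+\}", "", v).lower() for v in attrs.get("olcaccess", [])]
    if not any(PEERCRED_ROOT in a for a in acls):
        findings.append("no-peercred-acl")
    # "to * by * none" hides every entry from non-root identities (hence result 32).
    if any(re.fullmatch(r"to \* by \* none", a) for a in acls):
        findings.append("deny-all-acl")
    return findings

if __name__ == "__main__":
    print(audit_config_db(SAMPLE))
```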