On 28/01/11 19:10 +0200, Razvan Deaconescu wrote:
# slapcat -n0 | grep -C 5 '^(olcRootDN|olcRootPW)'
olcAccess: {0}to * by * none
olcAddContentAcl: TRUE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=config
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig
entryUUID: ed743d3a-adc6-102f-9a18-f1967b980507
creatorsName: cn=config
If those options are missing, you could try rebuilding your config from scratch from your own slapd.conf, by explicitly setting those options with this config snippet:
database config
rootdn "cn=admin,dc=example,dc=org"
rootpw xxx
That would involve moving your existing /etc/ldap/slapd.d and /var/lib/ldap directories out of the way and regenerating them.
So I have to regenerate all configuration and database files?
I might have done something wrong, but it seems pretty strange that a default Debian installation wouldn't provide the config user/password for this.
I have discovered this myself, and I personally just rebuild from my own slapd.conf. I just took a look at the debian/slapd.conf template file in squeeze, which presumably is what the package installation uses to ultimately generate the slapd.d config backend. I've copied it here:
http://web.olp.net/dwhite/openldap/slapd-squeeze-default.conf
This config is missing two pretty important items in my opinion:
authz-regexp "gidNumber=0\+uidNumber=0,cn=peercred,cn=external,cn=auth" "cn=admin,@SUFFIX@"
and
database config
rootdn "cn=admin,@SUFFIX@"
See:
http://www.openldap.org/lists/openldap-technical/201101/msg00047.html
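Added example, not part of the original message or of the Debian package: a small Python check that reads `slapcat -n0` output and reports whether the config database has a rootdn and rootpw, whether the rootpw is stored with a hash scheme prefix, and whether a peercred authz-regexp mapping exists. The sample LDIF, the function names and the dc=example,dc=org suffix are constructed for illustration.

```python
import base64
import re

PEERCRED = "cn=peercred,cn=external,cn=auth"

# Constructed sample resembling `slapcat -n0` output (not from a real server).
SAMPLE = """\
dn: cn=config
objectClass: olcGlobal
olcAuthzRegexp: {0}"gidNumber=0\\+uidNumber=0,cn=peercred,cn=external,cn=auth
 " "cn=admin,dc=example,dc=org"

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcAccess: {0}to * by * none
olcRootDN: cn=config
"""

def parse_ldif(text):
    """Return {dn: {attr: [values]}}; unfolds lines and decodes '::' values."""
    unfolded = re.sub(r"\n ", "", text)  # LDIF continuation = newline + space
    entries = {}
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # base64 value, as slapcat emits for olcRootPW
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            attrs.setdefault(name.lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[attrs["dn"][0].lower()] = attrs
    return entries

def audit_config(ldif_text):
    """Summarise the admin-access settings discussed in this thread."""
    entries = parse_ldif(ldif_text)
    db = entries.get("olcdatabase={0}config,cn=config", {})
    mappings = entries.get("cn=config", {}).get("olcauthzregexp", [])
    rootpw = db.get("olcrootpw", [])
    return {
        "rootdn": (db.get("olcrootdn") or [None])[0],
        "rootpw_set": bool(rootpw),
        # A leading {SCHEME} means the value is hashed rather than cleartext.
        "rootpw_hashed": bool(rootpw and re.match(r"\{[A-Za-z0-9-]+\}", rootpw[0])),
        "peercred_mapping": any(PEERCRED in v.lower() for v in mappings),
    }

if __name__ == "__main__":
    print(audit_config(SAMPLE))
```

On a real server, pass it the text produced by `slapcat -n0` run as root.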