On 01/23/2017 11:59 AM, lejeczek wrote:
hi everybody, this must be one of the most ancient questions - but browsing (centos') local docs reveals nothing. I'd imagine passwords are the first & most important thing everybody does to make sure slapd is secured, something like "mysql_secure_installation".
I'm trying to do something I'd think is simple and should just work, but, I'm wrong, so I do:
slapadd -v -n0 <<EOL
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootDN: cn=admin,cn=config
olcRootPW:: exxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
EOL
and I get in return:
slapadd: could not add entry dn="olcDatabase={0}config,cn=config" (line=1): autocreation of "olcDatabase={-1}frontend" failed
So that question - how does one secure an ldap installation? But I'd insist on not referring to something like "slaptest and convert old school to ..." or .. edit config file(s).
What I think is - I have a clean installation which is configured in probably the best possible way, but what is missing is: olcRootDN, olcRootPW.
How to use slapadd for it? Is slapadd not the right tool for this?
many thanks, L.
review the package scripts for the rpm:
rpm -q --scripts openldap-servers
there is a post-install section that builds a default database for you. it is based on the info in /usr/share/openldap-servers/slapd.ldif (at least on fedora 24). when you install the package, you should be able to adjust the settings in cn=config and move on.
as root you will have access via the ldapi:// interface because of the default ACL allowing anyone with UID and GID of 0 to access the instance via the socket interface.
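
Added example, not part of the original reply: one way to set olcRootDN and olcRootPW on the packaged cn=config over the root-only ldapi:// socket described above, using ldapmodify with SASL EXTERNAL instead of slapadd. The function names are hypothetical; it assumes slapd is running and listening on the default ldapi:/// socket, and that slappasswd and ldapmodify are installed.

```shell
#!/bin/sh
# Added example (assumptions: slapd running, default ldapi:/// socket,
# packaged cn=config left in place). Function names are hypothetical.

# Print the LDIF modification that sets the rootDN and its password hash
# on the config database.
#   $1 = root DN (the thread uses cn=admin,cn=config)
#   $2 = password hash as printed by slappasswd, e.g. {SSHA}...
config_rootpw_ldif() {
    root_dn=$1
    pw_hash=$2
    # Refuse anything that is not a {SCHEME}hash, so a cleartext password
    # is never written into cn=config by mistake.
    case $pw_hash in
        '{'*'}'?*) ;;
        *) echo "expected a {SCHEME}hash from slappasswd" >&2; return 1 ;;
    esac
    # "replace" also creates the attribute when it is not present yet.
    cat <<EOF
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: $root_dn
-
replace: olcRootPW
olcRootPW: $pw_hash
EOF
}

# Run as root. Over ldapi:// with -Y EXTERNAL, slapd identifies the caller
# as gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth, the identity
# the default ACL grants access to.
apply_config_rootpw() {
    pw=$(slappasswd -h '{SSHA}') || return 1   # prompts for the password twice
    config_rootpw_ldif "$1" "$pw" | ldapmodify -Q -Y EXTERNAL -H ldapi:///
}

# Usage, as root:  apply_config_rootpw 'cn=admin,cn=config'
```

Because the change goes through the running server, the existing frontend and config entries stay in place.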