Re: ldap auth does not works after openldap upgrade
On Wed, Feb 16, 2011 at 02:51:19AM -0800, Howard Chu wrote:
>I also suspect that there may not be a valid password set on the
>cn=config suffix, so you will not be able to manage the server through
>LDAP either.
Since it's starting on ldapi:/// he should just do a SASL EXTERNAL
bind on ldapi:// using Unix root. Pretty sure Debian packages it
with the appropriate authz-regexp already configured.
I don't have a Debian Squeeze server at present so I cannot
check that.
Where is this documented? I am having great trouble finding
any clear description of how to actually access cn=config in
the bootstrap case. Similarly I cannot find anything that
clearly describes the use of SASL EXTERNAL with ldapi.
If you can point me at some authoritative statements I will
propose a patch for the Admin Guide.
Andrew
--
-----------------------------------------------------------------------
| From Andrew Findlay, Skills 1st Ltd |
| Consultant in large-scale systems, networks, and directory services |
| http://www.skills-1st.co.uk/ +44 1628 782565 |
-----------------------------------------------------------------------