Hi Torsten,
Thanks for your help!
On 07/03/11 17:37, Torsten Schlabach (Tascel eG) wrote:
> Take a look at the olcAccess attribute values of your cn=config database. This should tell you who's allowed to read it or not.

I did add a value to try and make this work (see below), but perhaps I haven't done all that's necessary.

> It depends where your cn=config data comes from, but in many examples you will find an olcAccess attribute granting write access to a DN called cn=admin,cn=config. You need to have that object in your cn=config database then and it should have the password attribute set.
> Post the olcAccess sections of your LDIF here, I think this may help.
Here is my olcDatabase={0}config.ldif, with some comments:
dn: olcDatabase={0}config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth manage by * break
# This one added by me recently:
olcAccess: {0}to * by dn.exact=cn=admin,cn=config manage by * break
structuralObjectClass: olcDatabaseConfig
entryUUID: 9dfea13e-dd1c-102f-8cc4-2fe95e0d0dbe
creatorsName: cn=config
createTimestamp: 20110307153755Z
entryCSN: 20110307153755.993390Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20110307153755Z
# These two added by me recently:
oldRootDN: cn=admin,cn=config
olcRootPW: config
So it looks like I just need to make sure I have the cn=admin,cn=config object in my database. And I think I can probably add it using the magic -Y EXTERNAL method and ldapadd. However, I don't know how to construct it - what objectClass should it have?
Gerv
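
A small lint for the config entry posted above, as an added example that is not part of the original message or of OpenLDAP. It unfolds LDIF continuation lines, then flags attribute names outside the olc* namespace (the root DN attribute in cn=config is olcRootDN), olcAccess values that reuse an ordering index, and an olcRootPW stored without a {SCHEME} hash prefix. SAMPLE is a constructed, shortened copy of the posted entry; the names SAMPLE, KNOWN, unfold and lint and the KNOWN allowlist are assumptions of this example.

```python
import re

# Constructed sample: shortened copy of the entry posted in the message above.
SAMPLE = """\
dn: olcDatabase={0}config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth manage by * break
# This one added by me recently:
olcAccess: {0}to * by dn.exact=cn=admin,cn=config manage by * break
oldRootDN: cn=admin,cn=config
olcRootPW: config
"""

# Non-olc names slapd itself writes (assumed allowlist for this example).
KNOWN = {"dn", "objectclass", "structuralobjectclass", "entryuuid", "creatorsname",
         "createtimestamp", "entrycsn", "modifiersname", "modifytimestamp"}

def unfold(text):
    """Drop comment lines and join LDIF continuation lines (leading space)."""
    out = []
    for line in text.splitlines():
        if line.startswith("#"):
            continue
        if line.startswith(" ") and out:
            out[-1] += line[1:]
        elif line.strip():
            out.append(line)
    return out

def lint(text):
    """Return findings for one cn=config database entry, in file order."""
    findings, seen = [], set()
    for line in unfold(text):
        name, _, value = line.partition(":")
        value = value.strip()
        if not name.lower().startswith("olc") and name.lower() not in KNOWN:
            findings.append(f"unknown attribute: {name}")
        m = re.match(r"\{(\d+)\}", value) if name == "olcAccess" else None
        if m and m.group(1) in seen:
            findings.append(f"duplicate olcAccess index {{{m.group(1)}}}")
        if m:
            seen.add(m.group(1))
        # A leading ':' means a base64 ('::') value, which is not judged here.
        if name == "olcRootPW" and not re.match(r":|\{[\w-]+\}", value):
            findings.append("olcRootPW is cleartext; store a slappasswd hash")
    return findings

print("\n".join(lint(SAMPLE)))
```
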