On 01/28/2011 05:24 PM, Dan White wrote:
On 28/01/11 16:54 +0200, Razvan Deaconescu wrote:
Hi!
I've browsed the configuration page for slapd[1] and it mentions that, for starting from version 2.3, "The LDAP configuration engine allows all of slapd's configuration options to be changed on the fly, generally without requiring a server restart for the changes to take effect."
What is the user and password required to update the LDAP configuration database?
I'm using slapd 2.4.23-7 on a Debian Squeeze (testing). I've tried using the admin user (cn=admin,dc=...,dc=...) and it fails. This link[2] mentions using the cn=admin,dc=config account and a password found in ldap.secret. I've not found that file and don't know what is the password for the cn=admin,dc=config account.
Try 'slapcat -n0', and see what, if any, olcRootDN and olcRootPW settings you have listed under olcDatabase={0}config,cn=config. The config backend maintains it's own rootdn and rootpw settings.
There is only the olcRootDN setting: --- # slapcat -n0 | grep -C 5 '^(olcRootDN|olcRootPW)' olcAccess: {0}to * by * none olcAddContentAcl: TRUE olcLastMod: TRUE olcMaxDerefDepth: 15 olcReadOnly: FALSE olcRootDN: cn=config olcSyncUseSubentry: FALSE olcMonitoring: FALSE structuralObjectClass: olcDatabaseConfig entryUUID: ed743d3a-adc6-102f-9a18-f1967b980507 creatorsName: cn=config ---
If those options are missing, you could try rebuilding your config from scratch from your own slapd.conf, by explicitly setting those options with this config snippet:
database config rootdn "cn=admin,dc=example,dc=org" rootpw xxx
That would involve moving your existing /etc/ldap/slapd.d and /var/lib/ldap directories out of the way and regenerating them.
So I have to regenerate all configuration and database files?
I might have done something wrong, but it seems pretty strange that a default Debian installation wouldn't provide the config user/password for this.
Razvan