Dan White wrote:
I have discovered this myself, and I personally just rebuild from my own slapd.conf. I just took a look at the debian/slapd.conf template file in squeeze, which presumably is what the package installation uses to ultimately generate the slapd.d config backend. I've copied it here:
http://web.olp.net/dwhite/openldap/slapd-squeeze-default.conf
This config is missing two pretty important items in my opinion:
authz-regexp "gidNumber=0\+uidNumber=0,cn=peercred,cn=external,cn=auth" "cn=admin,@SUFFIX@"
and
database config
rootdn "cn=admin,@SUFFIX@"
See:
http://www.openldap.org/lists/openldap-technical/201101/msg00047.html
Your recommendation assumes that a typical slapd installation has only one main database, and the local host sysadmin is also the LDAP DB admin. In other scenarios where there are multiple databases, it's more appropriate to leave the cn=config rootdn at its default and separate the role of slapd administrator from regular database admin.