On 4/29/22 21:25, Ryan Tandy wrote:
On Fri, Apr 29, 2022 at 05:44:38PM -0000, sparkcyf@foxmail.com wrote:
After installing openldap (slapd) from the Debian package repository (using version 2.4.57+dfsg-3~bpo10+1, database created by the dpkg configuration script provided by apt), the admin user (cn=admin,dc=example,dc=com) could not be found either when performing ldapsearch or when viewing the structure of the organisation in phpldapadmin / Apache Directory Studio.
Quoting from the changelog:
openldap (2.4.51+dfsg-1) unstable; urgency=medium
[...]
  * Remove the redundant cn=admin,<suffix> entry from the default DIT for
    new installs. For new installs going forward, the root credentials
    will be stored in olcRootDN/olcRootPW only. (Closes: #821331)
This change was done to address the issue where the admin's password was stored in two places (olcRootPW and the entry's userPassword), which occasionally caused confusion if only one of the two was changed.
Makes perfect sense to me.
I'd even avoid setting a rootpw value at all.
Ciao, Michael.
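
Added example, not part of the original thread and not code from Debian or the OpenLDAP project: a small audit of the condition discussed above, reporting whether the olcRootDN also exists as an entry with its own userPassword (the pre-2.4.51 layout) and whether olcRootPW is set at all. It assumes LDIF exports of cn=config and of the data DIT (for example slapcat output); the function names and sample data are hypothetical, and DN comparison is simplified.

```python
import base64

def parse_ldif(text):
    """Parse LDIF text into a list of {lowercased attr: [values]} dicts."""
    entries, current, lines = [], {}, []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:       # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    for line in lines + [""]:                   # trailing "" flushes last entry
        if not line.strip():
            if "dn" in current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):           # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            current.setdefault(attr.lower(), []).append(value.strip())
    return entries

def norm_dn(dn):
    # Simplified DN comparison (assumption): case-fold, trim around commas,
    # no handling of escaped commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def audit_root_credentials(config_ldif, data_ldif):
    """For each database with an olcRootDN, report where its password lives."""
    data = {norm_dn(e["dn"][0]): e for e in parse_ldif(data_ldif)}
    findings = []
    for db in parse_ldif(config_ldif):
        for rootdn in db.get("olcrootdn", []):
            entry = data.get(norm_dn(rootdn))
            has_pw = "olcrootpw" in db
            findings.append({"rootdn": rootdn, "rootpw_set": has_pw,
                             "entry_exists": entry is not None,
                             "duplicate_password": has_pw and entry is not None
                                                   and "userpassword" in entry})
    return findings

# Constructed sample data (not from the thread); password values are placeholders.
CONFIG = ("dn: olcDatabase={1}mdb,cn=config\n"
          "olcRootDN: cn=admin,dc=example,dc=com\nolcRootPW: {SSHA}PLACEHOLDER\n")
OLD_DIT = ("dn: dc=example,dc=com\nobjectClass: organization\n\n"
           "dn: cn=admin,dc=example,dc=com\nuserPassword:: e1NTSEF9UExBQ0VIT0xERVI=\n")
NEW_DIT = "dn: dc=example,dc=com\nobjectClass: organization\n"

for label, dit in (("old layout", OLD_DIT), ("new layout", NEW_DIT)):
    print(label, audit_root_credentials(CONFIG, dit))
```
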