On 28/01/11 12:06 -0800, Howard Chu wrote:
> Dan White wrote:
>> This config is missing two pretty important items in my opinion:
>>
>> authz-regexp "gidNumber=0\+uidNumber=0,cn=peercred,cn=external,cn=auth" "cn=admin,@SUFFIX@"
>>
>> and
>>
>> database config
>> rootdn "cn=admin,@SUFFIX@"
>
> Your recommendation assumes that a typical slapd installation has only one main database, and the local host sysadmin is also the LDAP DB admin. In other scenarios where there are multiple databases, it's more appropriate to leave the cn=config rootdn at its default and separate the role of slapd administrator from regular database admin.

I now understand that reasoning.
The approach that package maintainers, like Debian, have taken is:
Answer these 3 basic questions and you've got a minimally functioning server.
If you like, customize slapd.conf to your heart's content, and restart.
But that approach no longer works with the move to the config backend. To be fair, it's not really feasible to have a one-size-fits-all config within the package that's going to lead to a robust installation.
I suppose the correct approach would be for the package to offer to configure a rootdn and rootpw for the config backend on installation. However, since the package that will be released with squeeze will probably not have those options, it's inevitable that the OP's question is going to be posted here a lot, and generally annoy list members.