--On Sunday, May 1, 2022 12:21 PM +0000 butterfly-cry@qq.com wrote:
Hi guys, I have google a lot to modify cn=config but all failed. Hope someone can help. Thanks. [openldap2.6.1 CentOS7.9] My initial ldif is like below: `[root@rayc01 openldap]# more slapd.ldif |grep -v ^# dn: cn=config objectClass: olcGlobal cn: config olcArgsFile: /usr/local/openldap-2.6.1/var/run/slapd.args olcPidFile: /usr/local/openldap-2.6.1/var/run/slapd.pid
dn: cn=module,cn=config objectClass: olcModuleList cn: module olcModulepath: /usr/local/openldap-2.6.1/libexec/openldap olcModuleload: back_mdb.la
dn: cn=schema,cn=config objectClass: olcSchemaConfig cn: schema
dn: olcDatabase=frontend,cn=config objectClass: olcDatabaseConfig objectClass: olcFrontendConfig olcDatabase: frontend
You didn't supply a rootpw for the config rootdn, or as an alternative, you didn't provide a SASL mapping to allow SASL/EXTERNAL connections over ldapi as the root user to map the config user. You need to fix your configuration to allow the ability to assume the cn=config identity in some fashion.
Regards, Quanah