On Mon, Mar 07, 2011 at 05:26:51PM +0000, Gervase Markham wrote:
How does one use an LDAP browser to view and change the cn=config config?
I am using the OpenLDAP 2.4.23 package from Ubuntu 10.10, and have been using both "luma" and more recently ApacheDS. I have tried an enormous number of ways all afternoon, but feel I'm stumbling in the dark. Do I have to use a special bind DN and password, or should the RootDN and password for my normal data do? If it's special, what is it? Where is it configured?
Most browsers treat the schema DN as a special case. In Apache Directory Studio, right-click on the LDAP connection and select 'open schema browser'. jXplorer has the schema in a separate panel/tab.
I can view the data using ldapsearch, as root:
ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config
You should normally be able to view schema when bound anonymously.
For permission to change it through LDAP, maybe you should be looking at ACLs rather than rootDN?
Andrew