Dan White wrote:
On 28/01/11 16:54 +0200, Razvan Deaconescu wrote:
Hi!
I've browsed the configuration page for slapd[1] and it mentions that, starting from version 2.3, "The LDAP configuration engine allows all of slapd's configuration options to be changed on the fly, generally without requiring a server restart for the changes to take effect."
What is the user and password required to update the LDAP configuration database?
I'm using slapd 2.4.23-7 on a Debian Squeeze (testing). I've tried using the admin user (cn=admin,dc=...,dc=...) and it fails. This link[2] mentions using the cn=admin,dc=config account and a password found in ldap.secret. I've not found that file and don't know what the password for the cn=admin,dc=config account is.
Try 'slapcat -n0', and see what, if any, olcRootDN and olcRootPW settings you have listed under olcDatabase={0}config,cn=config. The config backend maintains its own rootdn and rootpw settings.
If those options are missing, you could try rebuilding your config from scratch from your own slapd.conf, by explicitly setting those options with this config snippet:
  database config
  rootdn "cn=admin,dc=example,dc=org"
  rootpw xxx
You can't set the "rootpw" for a "rootdn" outside the naming context of a database. Either set
  database config
  rootdn "cn=admin,dc=example,dc=org"
or
  database config
  rootdn "cn=admin,cn=config"
  rootpw xxx
In the first case, the user "cn=admin,dc=example,dc=org" will need to authenticate otherwise (e.g. from within another database, or using SASL).
That would involve moving your existing /etc/ldap/slapd.d and /var/lib/ldap directories out of the way and regenerating them.
Another option might be to stop slapd, and manually edit the /etc/ldap/slapd.d/cn=config/olcDatabase={0}config.ldif file to add those options, but I believe that approach is considered unsupported.
Manually modifying those files is *strongly discouraged*.
p.
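
Added example, not part of the original thread: a small Python check over 'slapcat -n0' output that reports whether olcRootDN and olcRootPW are present on olcDatabase={0}config,cn=config and whether olcRootPW is paired with a rootdn outside cn=config, the combination described above as not allowed. The sample LDIF is constructed, and the function names and DN normalisation are assumptions of this example.

```python
import base64

# Constructed sample of `slapcat -n0` output (not taken from the thread).
SAMPLE_LDIF = """\
dn: olcDatabase={0}config,cn=config
olcRootDN: cn=admin,dc=example,
 dc=org
olcRootPW:: eHh4
"""

def norm_dn(dn):
    # Simplified DN normalisation: lowercase, trim each RDN (ignores escaped commas).
    return ",".join(p.strip() for p in dn.lower().split(","))

def parse_ldif(text):
    """Return {normalised dn: {lowercased attribute: [values]}}."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]            # unfold LDIF continuation line
        elif not raw.startswith("#"):
            logical.append(raw)
    entries, current = {}, None
    for line in logical:
        attr, sep, rest = line.partition(":")
        if rest.startswith(":"):              # "attr:: value" is base64
            value = base64.b64decode(rest[1:]).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if not sep:
            current = None                    # blank line ends the entry
        elif attr.lower() == "dn":
            current = entries.setdefault(norm_dn(value), {})
        elif current is not None:
            current.setdefault(attr.lower(), []).append(value)
    return entries

def check_config_root(entries):
    db = entries.get("olcdatabase={0}config,cn=config", {})
    rootdn = norm_dn(db.get("olcrootdn", [""])[0])
    rootpw = db.get("olcrootpw", [""])[0]
    findings = []
    if not rootdn:
        findings.append("olcRootDN missing")
    if not rootpw:
        findings.append("olcRootPW missing")
    elif rootdn and rootdn != "cn=config" and not rootdn.endswith(",cn=config"):
        findings.append("olcRootPW set for a rootdn outside cn=config")
    return findings
```

To run it against a live server, pass the text of 'slapcat -n0' to parse_ldif() in place of SAMPLE_LDIF.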