(Copy for the list)
Ulrich Windl Ulrich.Windl@rz.uni-regensburg.de schrieb am 24.01.2017 um 13:19
in Nachricht 58875475.ED38.00A1.0@rz.uni-regensburg.de:
lejeczek peljasz@yahoo.co.uk schrieb am 23.01.2017 um 17:59 in Nachricht
ff479edd-d352-2357-9275-9a66ed520be0@yahoo.co.uk:
hi everybody, this must be one of the most ancient questions - but browsing (centos') local docs reveal nothing. I'd imagine passwords is that first & most important thing everybody does to make sure slapd is secured, something like "mysql_secure_installation"
I'm trying to do something I'd think is simple and should just work, but, I'm wrong, so I do:
slapadd -v -n0 <<EOL dn: olcDatabase={0}config,cn=config objectClass: olcDatabaseConfig olcDatabase: {0}config
olcRootDN: cn=admin,cn=config olcRootPW:: exxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
EOL
and I get in return: slapadd: could not add entry dn="olcDatabase={0}config,cn=config" (line=1): autocreation of "olcDatabase={-1}frontend" failed
What about: dn: cn=config objectClass: olcGlobal cn: config [...] dn: cn=schema,cn=config objectClass: olcSchemaConfig cn: schema [...] dn: olcDatabase={-1}frontend,cn=config objectClass: olcDatabaseConfig olcAccess: ... [...] dn: olcDatabase={0}config,cn=config objectClass: olcDatabaseConfig olcDatabase: {0}config olcAccess: ... [...] olcRootDN: cn=config olcRootPW: {SSHA}...
Regards, Ulrich
So that question - how does one secure ldap installation? But I'd insist on not referring something like "slaptest and convert old school to ..." or .. edit config file(s) What I think is - I have a clean installation which is configured in probably best possible way but missing is: olcRootDN, olcRootPW How to use slapadd for it? Is slapadd not the right tool for this?
many thanks, L.
openldap-technical@openldap.org
-
Ulrich Windl