Hello,
I have recently taken over a bunch of systems controlled by an LDAP database - however, the previous admin. didn't add me to the needed group so that I can fully administer the LDAP directory.
Is there a way I can force LDAP to add me to this group? I have root access to the Linux server where the OpenLDAP system is hosted, if that helps. I've tried changing the .acl documents - that didn't seem to work to allow me to add myself to that group. This is a production system, so taking it down for a long period of time, or messing it up, would be bad.
Thanks for any help,
Brian
On 06/09/2012 13:58, Brian Green wrote:
> Hello,
> I have recently taken over a bunch of systems controlled by an LDAP database - however, the previous admin. didn't add me to the needed group so that I can fully administer the LDAP directory.
> Is there a way I can force LDAP to add me to this group? I have root access to the Linux server where the OpenLDAP system is hosted, if that helps. I've tried changing the .acl documents - that didn't seem to work to allow me to add myself to that group. This is a production system, so taking it down for a long period of time, or messing it up, would be bad.
Quick recovery procedure:
- edit slapd.conf to add a rootdn and a rootpw of your choice
- restart slapd
- commit your changes using rootdn
- revert slapd.conf to original version
- restart slapd
You can even keep something like this permanently in your configuration file to make it clear:
    # only use rootdn in case of emergency
    rootdn cn=root,dc=suffix,dc=tld
    #rootpw root
openldap-technical@openldap.org
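The recovery procedure from the reply above, as an added shell example (not code from the thread or from the OpenLDAP project). It builds the patched slapd.conf and the group-membership LDIF offline so both can be checked before the production restart. The file paths, the group and user DNs and the membership attribute are assumptions; the function names are hypothetical.

```shell
#!/bin/sh
# Helpers for the temporary-rootdn recovery. DNs, paths and hashes are
# supplied by the caller; nothing here talks to a running slapd.

# Print the lines to add to the database section of slapd.conf.
# $1 = rootdn, $2 = rootpw hash from slappasswd (cleartext is refused)
emergency_root_block() {
    case "$2" in
        \{?*\}?*) ;;  # scheme-prefixed hash such as {SSHA}...
        *) echo "rootpw must be a slappasswd hash, not cleartext" >&2; return 1 ;;
    esac
    printf '# only use rootdn in case of emergency\nrootdn "%s"\nrootpw %s\n' "$1" "$2"
}

# Write a patched copy of slapd.conf with the block placed after the first
# "suffix" line. Refuses if an active rootdn is already configured.
# $1 = original file, $2 = patched copy, $3 = rootdn, $4 = hash
patch_conf() {
    if grep -Eq '^rootdn[[:space:]]' "$1"; then
        echo "rootdn already set; only rootpw needs adding" >&2; return 2
    fi
    block=$(emergency_root_block "$3" "$4") || return 1
    n=$(grep -En '^suffix[[:space:]]' "$1" | head -n 1 | cut -d: -f1)
    [ -n "$n" ] || { echo "no suffix line found" >&2; return 3; }
    { head -n "$n" "$1"; printf '%s\n' "$block"; tail -n +"$((n + 1))" "$1"; } > "$2"
}

# Print LDIF adding one value to the group's membership attribute.
# $1 = group DN, $2 = attribute (member, uniqueMember or memberUid), $3 = value
group_add_ldif() {
    printf 'dn: %s\nchangetype: modify\nadd: %s\n%s: %s\n' "$1" "$2" "$2" "$3"
}

# Order on the server (paths are assumptions, adjust to the local layout):
#   HASH=$(slappasswd)                     # prompts, prints {SSHA}...
#   cp -p /etc/openldap/slapd.conf /root/slapd.conf.orig
#   patch_conf /root/slapd.conf.orig /root/slapd.conf.new \
#       "cn=root,dc=suffix,dc=tld" "$HASH"
#   slaptest -u -f /root/slapd.conf.new    # syntax check before the restart
#   install slapd.conf.new as slapd.conf, restart slapd, then:
#   group_add_ldif "<group DN>" member "<your DN>" |
#       ldapmodify -x -W -D "cn=root,dc=suffix,dc=tld"
#   restore slapd.conf.orig, restart slapd
```

Keeping the original file untouched in a root-only directory makes the revert step a plain copy, and the hashed rootpw avoids leaving a cleartext password in a file that backups may capture.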