Dan White wrote:
I have discovered this myself, and I personally just rebuild from my own
slapd.conf. I just took a look at the debian/slapd.conf template file in
squeeze, which presumably is what the package installation uses to
ultimately generate the slapd.d config backend. I've copied it here:
http://web.olp.net/dwhite/openldap/slapd-squeeze-default.conf
This config is missing two pretty important items in my opinion:

    authz-regexp
        "gidNumber=0\\\+uidNumber=0,cn=peercred,cn=external,cn=auth"
        "cn=admin,@SUFFIX@"

and

    database config
    rootdn "cn=admin,@SUFFIX@"

See:
http://www.openldap.org/lists/openldap-technical/201101/msg00047.html

Your recommendation assumes that a typical slapd installation has only one
main database, and the local host sysadmin is also the LDAP DB admin. In other
scenarios where there are multiple databases, it's more appropriate to leave
the cn=config rootdn at its default and separate the role of slapd
administrator from regular database admin.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
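
An added example, not part of the original thread: a small audit of a slapd.conf that reports who holds the cn=config rootdn, which DN local root is mapped to via peercred, and whether the slapd administrator and a database admin are the same identity (the trade-off discussed above). The sample config, the `hdb` backend and the `dc=example,dc=org` suffix are constructed placeholders; `audit` and `logical_lines` are hypothetical helper names.

```python
import re

# Constructed sample: the two items from the quoted message added to a
# minimal slapd.conf, with @SUFFIX@ replaced by a placeholder suffix.
SAMPLE = r'''
authz-regexp
  "gidNumber=0\\\+uidNumber=0,cn=peercred,cn=external,cn=auth"
  "cn=admin,dc=example,dc=org"

database config
rootdn "cn=admin,dc=example,dc=org"

database hdb
suffix "dc=example,dc=org"
rootdn "cn=admin,dc=example,dc=org"
'''

def logical_lines(text):
    """Drop blank/comment lines and join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit(text):
    """Summarise cn=config ownership and the peercred (local root) mapping."""
    dbs, peercred = [], []
    for line in logical_lines(text):
        # Split into words, treating "double quoted" arguments as one word.
        w = [q or b for q, b in re.findall(r'"([^"]*)"|(\S+)', line)]
        key = w[0].lower()
        if key == "database" and len(w) >= 2:
            dbs.append({"type": w[1].lower(), "rootdn": None})
        elif key == "rootdn" and dbs and len(w) >= 2:
            dbs[-1]["rootdn"] = w[1].lower()
        elif (key == "authz-regexp" and len(w) >= 3
              and "cn=peercred,cn=external,cn=auth" in w[1].lower()):
            peercred.append(w[2].lower())
    # None means no rootdn was set on the config database (left at default).
    cfg = next((d["rootdn"] for d in dbs if d["type"] == "config"), None)
    data = {d["rootdn"] for d in dbs if d["type"] != "config" and d["rootdn"]}
    return {"config_rootdn": cfg,
            "local_root_maps_to": peercred,
            "roles_merged": cfg is not None and cfg in data}
```

`roles_merged` being true means the same DN administers both cn=config and a data database, which suits a single-database host but not the multi-database case raised in the reply.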