Got it! I read that you could have whatever you wanted as a rootdn for config
as long as it was under "cn=config". My disconnect was I made my rootdn =
'cn=admin, dc=config" not "cn=admin, cn=config". Using dc, openldap rightly
looks for the suffix specified however you don't specify a suffix for config.
Doh!
Many thanks
Antonio Alonso <[EMAIL PROTECTED]> wrote: Hi !
In your "slapd.conf" you need to define a rootDN in the "database config"
section:
----------------------------------------------------------------------------
database config
#---
# rootdn can always read and write EVERYTHING!
#---
rootdn "cn=manager,cn=config"
rootpw secret
-----------------------------------------------------------------------------
Binding with these credential you an access (read, modify) the "cn=config"
database
BR / Antonio
---------------------------------
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Johnston
Sent: viernes, 25 de abril de 2008 12:27
To: [email protected]
Subject: Re: Openldap 2.4 and the cn=config directory
Ah, makes perfect sense. I should be able to bind to cn=config and make
standard LDAP searches and modifications while slapd is running correct?
If so, can someone provide a sample bind string and olcDatabase file for the
cn=config? I can't seem to bind to the cn=config to make my modifications.
BTW, I can bind with no problems to my LDAP database in hdb.
TIA,
Mike
Howard Chu <[EMAIL PROTECTED]> wrote: Mike Johnston wrote:
> Hi,
> I used -f & -F options to build my cn=config from my slapd.conf file.
> Everything works however, I see a directory tree created and I got the
> impression from the Openldap 2.4 admin manual first page Chap 5 "the new
> style uses a slapd backend database to store the config". I assumed it
> meant a bdb/hdb backend database not an actual disk directory tree.
Obviously a poor assumption.
> Can it use a hdb/bdb for the cn=config store?
No. Currently it is hardcoded to use back-ldif. While it may be possible to
use different backends in the future, it's unlikely that back-bdb/hdb will
ever be candidates for that purpose, since they require fairly complex
configurations themselves. I.e., to avoid the chicken-and-egg problem of
where
to get the configuration info for the underlying backend, only extremely
simple backends are suitable here.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
