openLDAP question

Fernando Gozalo fgozalo0 at alumno.uned.es
Tue May 11 17:02:00 UTC 2004


> I regret that in the interest of brevity I did not make myself
> clearer.  I have slapd running, and I believe from experiments that
> the configuration file for this is /etc/openldap/slapd.conf.  My
> difficulty is in getting myself connected to the ldap server to
> create entries.  I am not clear on the role of the cn=Manager token in
> the config file for the binddn and rootbinddn entries.  Is this a
> required value or can any arbitrary name be chosen?  Could the name
> be changed to "manager" or even "root"? What are the implications?
> Can the name be changed later or is the initial selection fixed?  If
> one changes the name what other administrative tasks are required to
> make it work? Why would I not wish to have the rootbinddn set to
> cn=root,dn=harte-lyne,dn=ca  for instance?  I gather that one is
> required to put a password in /etc/ldap.secret.  Is this password an
> arbitrary one used only for ldap or must it match the password
> assigned to root for the system?
>

Hi,

I think you have the answer in the OpenLDAP documentation,
http://www.openldap.org/doc/admin22/slapdconfig.html:

=================================================
5.2.3.5. rootdn <DN>

This directive specifies the DN that is not subject to access control or
administrative limit restrictions for operations on this database. The DN
need not refer to an entry in this database or even in the directory. The
DN may refer to a SASL identity.

Entry-based Example:

        rootdn "cn=Manager,dc=example,dc=com"

SASL-based Example:

        rootdn "uid=root,cn=example.com,cn=digest-md5,cn=auth"

See the SASL Authentication section for information on SASL authentication
identities.

5.2.3.6. rootpw <password>

This directive can be used to specify a password for the DN for the
rootdn (when the rootdn is set to a DN within the database).

Example:

        rootpw secret

It is also permissible to provide a hash of the password in RFC 2307 form.
slappasswd(8) may be used to generate the password hash.

Example:

        rootpw {SSHA}ZKKuqbEKJfKSXhUbHG3fG8MDn9j1v4QN

The hash was generated using the command slappasswd -s secret.
=================================================


Fernando.
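
The {SSHA} form of rootpw quoted above, worked through as an added example that is not part of the original post or of the OpenLDAP project's code: it builds and checks a salted SHA-1 value and flags rootpw directives that store the password in cleartext. The function names, the 4-byte salt default and the sample configuration are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import os
import re

def make_ssha(password, salt=None):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt  # assumed 4-byte salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def split_ssha(value):
    """Return (digest, salt); a SHA-1 digest is 20 bytes, the rest is salt."""
    if not value.upper().startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(value[6:], validate=True)
    if len(raw) <= 20:
        raise ValueError("no salt after the digest")
    return raw[:20], raw[20:]

def check_ssha(password, value):
    digest, salt = split_ssha(value)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time compare

SCHEME = re.compile(r"^\{[A-Za-z0-9-]+\}")  # e.g. {SSHA}; absent for cleartext

def audit_rootpw(conf_text):
    """Return (line number, scheme or 'CLEARTEXT') for each rootpw directive."""
    findings = []
    for number, line in enumerate(conf_text.splitlines(), start=1):
        parts = line.split(None, 1)
        if line[:1].isspace() or len(parts) != 2 or parts[0].lower() != "rootpw":
            continue  # indented lines continue the previous directive
        value = parts[1].strip().strip('"')
        match = SCHEME.match(value)
        findings.append((number, match.group(0).upper() if match else "CLEARTEXT"))
    return findings

SAMPLE_CONF = """\
# constructed sample slapd.conf fragment, not from the original post
database bdb
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
database bdb
rootdn "cn=Manager,dc=example,dc=org"
rootpw {SSHA}ZKKuqbEKJfKSXhUbHG3fG8MDn9j1v4QN
"""
```

Running audit_rootpw over a real slapd.conf shows which databases still carry a cleartext rootpw; the file should in any case be readable only by the account that runs slapd.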





