Can't access cn=config through Apache Directory Studio GUI
I am quite familiar with openldap. The dynamic configuration is quite new to me. So I wanted to make life easier and change openldap configuration through Apache Directory Studio GUI.
Openldap is installed on Debian Jessie and Version slapd 2.4.40+dfsg-1+deb8u1 amd64
Tried to follow this way: http://gos.si/blog/installing-openldap-on-debian-squeeze-with-olc
But I can't access it:
ldapsearch -b cn=config -D cn=admin,dc=domain -W
result: 32 No such object
First I thought it has to do with the ACLs and removed everything, but no change.
ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config
works
So why does the olcRootDN have no rights? Also in the GUI I don't see the cn=config. Thanks in advance for any help!
So I answer it by myself, got it now, big confusion and misunderstanding of the dynamic configuration. Maybe someone has the same problem:
There is a difference between olcRootDN in dn: olcDatabase={1}mdb,cn=config and dn: olcDatabase={0}config,cn=config
In my case the olcRootDN in olcDatabase={0}config,cn=config was not set at all. So I added it like explained in the link and also olcRootPW.
Now I can access the cn=config in Apache Directory Studio GUI and edit it comfortably. It is good to have two different passwords to not accidentally delete something in cn=config
@Adambean asks how OP did it.
One way to do it is to create an ldif (e.g. config.ldif) file containing:
# uncomment this part, if there is no olcRootDN present
# use replace instead of add, if you want to change the root dn
#dn: olcDatabase={0}config,cn=config
#changetype: modify
#add: olcRootDN
#olcRootDN: cn=admin,cn=config

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: <secret>
You can generate a secret using:
sudo slappasswd
Then simply copy/paste the {SSHA}blahblahhashvaluegoeshereblah into the olcRootPW: <field> of your ldif file.
And modify it with ldapmodify
sudo ldapmodify -Y EXTERNAL -H ldapi:// -f config.ldif
That should do it.
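To check the state both answers describe, here is an added example (not code from either answer or from OpenLDAP) that reads LDIF shaped like `slapcat -n0` output and reports, for each database, whether olcRootDN and olcRootPW are set and which password scheme is stored. The sample LDIF, its placeholder password value and the function names parse_ldif and audit_rootdn are assumptions made for illustration.

```python
import base64

# Constructed sample shaped like `slapcat -n0` output; the olcRootPW value is
# base64 of the placeholder "{SSHA}test", not a real hash.
SAMPLE_LDIF = """\
dn: olcDatabase={0}config,cn=config
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=exter
 nal,cn=auth manage by * break

dn: olcDatabase={1}mdb,cn=config
olcDatabase: {1}mdb
olcRootDN: cn=admin,dc=domain
olcRootPW:: e1NTSEF9dGVzdA==
"""

def parse_ldif(text):
    """Parse LDIF into [{attr: [values]}], unfolding lines and decoding base64."""
    entries, entry, last = [], {}, None
    for raw in text.splitlines() + [""]:
        if raw.startswith(" ") and last:          # folded continuation line
            entry[last][-1] += raw[1:]
        elif not raw.strip():                     # blank line ends an entry
            if entry:
                entries.append(entry)
            entry, last = {}, None
        elif not raw.startswith("#"):
            attr, _, rest = raw.partition(":")
            last = attr.lower()
            entry.setdefault(last, []).append(rest)
    for vals in (v for e in entries for v in e.values()):
        vals[:] = [base64.b64decode(x[1:].strip()).decode() if x.startswith(":")
                   else x.strip() for x in vals]  # "attr:: value" is base64
    return entries

def audit_rootdn(entries):
    """Map each olcDatabase name to (olcRootDN, status)."""
    report = {}
    for e in (e for e in entries if "olcdatabase" in e):
        dn, pw = (e.get(k, [None])[0] for k in ("olcrootdn", "olcrootpw"))
        if dn is None:
            status = "no-rootdn"        # as {0}config was in the question
        elif pw is None:
            status = "no-rootpw"
        elif pw.startswith("{") and "}" in pw:
            status = "scheme:" + pw[:pw.index("}") + 1]   # e.g. slappasswd output
        else:
            status = "cleartext-rootpw"
        report[e["olcdatabase"][0]] = (dn, status)
    return report

if __name__ == "__main__":
    print(audit_rootdn(parse_ldif(SAMPLE_LDIF)))
```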