Can't access cn=config through Apache Directory Studio GUI
I am quite familiar with openldap. The dynamic configuration is quite new to me. So I wanted to make life easier and change openldap configuration through Apache Directory Studio GUI.
Openldap is installed on Debian Jessie and Version slapd 2.4.40+dfsg-1+deb8u1 amd64
Tried to follow this way: http://gos.si/blog/installing-openldap-on-debian-squeeze-with-olc
But I can't access it:
ldapsearch -b cn=config -D cn=admin,dc=domain -W
result: 32 No such object
First I thought it has to do with the ACLs and removed everything, but no change.
ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config works
So why does the olcRootDN have no rights? Also in the GUI I don't see the cn=config. Thanks in advance for any help!
So I answer it by myself, got it now, big confusion and misunderstanding of the dynamic configuration. Maybe someone has the same problem:
There is a difference between olcRootDN in dn: olcDatabase={1}mdb,cn=config and dn: olcDatabase={0}config,cn=config
in my case the olcRootDN in olcDatabase={0}config,cn=config was not set at all. So I added it like explained in the link and also olcRootPW.
Now I can access the cn=config in Apache Directory Studio GUI and edit it comfortable. It is good to have two different Passwords to not accidently delete something in cn=config
@Adambean asks how OP did it.
One way to do it is to create an ldif (e.g. config.ldif) file containing:
# uncomment this part, if there is no olcRootDN present
# use replace instead of add, if you want to change the root dn
#dn: olcDatabase={0}config,cn=config
#changetype: modify
#add: olcRootDN
#olcRootDN: cn=admin,cn=config
dn: olcDatabase={0}config,cn=config changetype: modify add: olcRootPW
olcRootPW: <secret>
You can generate a secret using:
sudo slappasswd
Then simply copy/paste the {SHAA}blahblahhashvaluegoeshereblah into the olcRootPW: <field> of your ldif file.
And modify it with ldapmodify
sudo ldapmodify -Y EXTERNAL -H ldapi:// -f config.ldif
That should do it.