OpenLDAP: Bootstrapping a minimal cn=config

mjs.fyi, Tue, 02 Oct 2012 02:11:31 +0000

Here is how to bootstrap OpenLDAP’s slapd with an absolutely minimal configuration, without needing an intermediate slapd.conf, with one feature: the local root user (uid=0/gid=0) has “manage” access. From this point, ldapmodify can be used via ldapi to continue making configuration changes. This is a good way to start a new server configuration.

Bootstrap:

$> echo 'dn: cn=config
objectClass: olcGlobal
cn: config

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: to dn.subtree="cn=config" by dn=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * none
' | slapadd -n0 -F slapd.d

Start slapd:

#> slapd -F slapd.d -h ldapi://foo

Make changes via ldapmodify:

#> ldapmodify -Y EXTERNAL -H ldapi://foo ...
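
The three steps above as one script, with two checks added: that SASL EXTERNAL over the socket maps the caller to the DN named in olcAccess, and that an anonymous bind on the same socket cannot read cn=config. This is an added example, not code from the original post; the working directory, the socket file name and the function names are assumptions, and the identity check only matches when the script runs as root.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: WORK, the socket
# file "ldapi", and every function name below. Run as root: ./script run
ROOT_DN='gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth'

# An ldapi:// URL carries the socket path where a host would go, so each "/"
# in the path has to be written as %2F.
ldapi_url() { printf 'ldapi://%s\n' "$(printf '%s' "$1" | sed 's|/|%2F|g')"; }

# The bootstrap LDIF from the post, unchanged.
bootstrap_ldif() {
  cat <<EOF
dn: cn=config
objectClass: olcGlobal
cn: config

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: to dn.subtree="cn=config" by dn=$ROOT_DN manage by * none
EOF
}

main() {
  work=${WORK:-$PWD/ldap-bootstrap}
  url=$(ldapi_url "$work/ldapi")
  mkdir -p "$work/slapd.d" && chmod 700 "$work/slapd.d" || return 1
  bootstrap_ldif | slapadd -n0 -F "$work/slapd.d" || return 1
  slapd -d 0 -F "$work/slapd.d" -h "$url" &   # -d 0 keeps slapd in the foreground
  pid=$!; sleep 1; rc=0
  # Check 1: SASL EXTERNAL on the socket yields the DN the ACL names.
  who=$(ldapwhoami -Q -Y EXTERNAL -H "$url")
  [ "$who" = "dn:$ROOT_DN" ] || { echo "unexpected identity: $who" >&2; rc=1; }
  # Check 2: an anonymous bind on the same socket cannot read cn=config.
  if ldapsearch -x -LLL -H "$url" -b cn=config -s base dn >/dev/null 2>&1; then
    echo "anonymous bind can read cn=config" >&2; rc=1
  fi
  kill "$pid"; wait "$pid" 2>/dev/null
  return "$rc"
}

if [ "${1:-}" = run ]; then main; fi
```

Without the `run` argument the script only defines its functions, so it can be sourced to reuse `ldapi_url` and `bootstrap_ldif`.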