[email protected] wrote:
> On Wed, Feb 16, 2011 at 11:50:21AM +0000, Andrew Findlay wrote:
>
>> Admin Guide Section 5.4. "Converting old style slapd.conf(5) file to cn=config
>> format" suggests that it is enough to run a slapd tool with both -f and -F
>> options to perform this conversion. While strictly true, this will almost
>> certainly result in an un-manageable server because there is no rootPW set for
>> cn=config.
>>
>> The attached patch provides guidance to avoid this trap.
>
> It would also be useful to copy the config database clause from
> slapd-config(5) into the example in the Admin Guide:
>
> # set a rootpw for the config database so we can bind.
> # deny access to everyone else.
> dn: olcDatabase=config,cn=config
> objectClass: olcDatabaseConfig
> olcDatabase: config
> olcRootPW: {SSHA}XKYnrjvGT3wZFQrDD5040US592LxsdLy
> olcAccess: to * by * none

That ACL is already the default. In an isolated example there's no need to specify it. (It is present in the slapd-config(5) example to ensure that it takes precedence over the olcFrontendConfig ACLs immediately above it.)

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
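
A check for the trap discussed in this thread, added here as an example and not part of the original messages or of OpenLDAP: it reads a cn=config LDIF dump and reports whether the config database entry carries an olcRootPW. The function names and the sample LDIF are constructed for illustration; the hash is the example value quoted in the thread.

```python
import base64
import re

# Constructed sample shaped like a cn=config dump. The hash is the example value
# quoted in the thread; it is base64-encoded and folded to exercise both LDIF forms.
THREAD_HASH = "{SSHA}XKYnrjvGT3wZFQrDD5040US592LxsdLy"
B64 = base64.b64encode(THREAD_HASH.encode()).decode()
SAMPLE_LDIF = (
    "dn: cn=config\nobjectClass: olcGlobal\ncn: config\n\n"
    "dn: olcDatabase={0}config,cn=config\n"
    "objectClass: olcDatabaseConfig\nolcDatabase: {0}config\n"
    "olcRootPW:: " + B64[:20] + "\n " + B64[20:] + "\n"
)

def parse_ldif(text):
    """Return a list of entries, each a dict of lower-cased attr -> [values]."""
    text = re.sub(r"\r?\n ", "", text)            # unfold continuation lines
    entries = []
    for block in re.split(r"\r?\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue                          # comment or junk line
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):              # "attr:: <base64 value>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            entry.setdefault(attr.strip().lower(), []).append(value)
        if entry:
            entries.append(entry)
    return entries

def check_config_rootpw(ldif_text):
    """Return 'missing', 'cleartext' or 'hashed' for olcDatabase=config."""
    for entry in parse_ldif(ldif_text):
        dn = entry.get("dn", [""])[0].lower().replace(" ", "")
        # Matches both "olcDatabase=config" and the ordered "{0}config" form.
        if not re.fullmatch(r"olcdatabase=(\{-?\d+\})?config,cn=config", dn):
            continue
        values = entry.get("olcrootpw")
        if not values:
            return "missing"       # no rootPW set for cn=config, as in the thread
        scheme = re.match(r"\{([A-Za-z0-9-]+)\}", values[0])
        if scheme and scheme.group(1).upper() != "CLEARTEXT":
            return "hashed"
        return "cleartext"         # binds work, but the secret sits in the config
    return "missing"               # no config database entry in the dump at all
```

Run it over the output of `slapcat -n 0` after a conversion; a result of `missing` means the converted server has no rootPW for cn=config.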
