On Wed, Feb 16, 2011 at 02:51:19AM -0800, Howard Chu wrote: > >I also suspect that there may not be a valid password set on the > >cn=config suffix, so you will not be able to manage the server through > >LDAP either. > > Since it's starting on ldapi:/// he should just do a SASL EXTERNAL > bind on ldapi:// using Unix root. Pretty sure Debian packages it > with the appropriate authz-regexp already configured.
I don't have a Debian Squeeze server at present so I cannot check that. Where is this documented? I am having great trouble finding any clear description of how to actually access cn=config in the bootstrap case. Similarly I cannot find anything that clearly describes the use of SASL EXTERNAL with ldapi. If you can point me at some authoritative statements I will propose a patch for the Admin Guide. Andrew -- ----------------------------------------------------------------------- | From Andrew Findlay, Skills 1st Ltd | | Consultant in large-scale systems, networks, and directory services | | http://www.skills-1st.co.uk/ +44 1628 782565 | -----------------------------------------------------------------------
