Hello Ryan, I followed your advice to set selections. Did what I needed.

Thank you,
Igor Shmukler

On Tuesday, January 6, 2015, Ryan Tandy <[email protected]> wrote:

> Hi Igor,
>
> On Tue, Jan 06, 2015 at 01:56:23PM +0100, Igor Shmukler wrote:
>
>> I install the server with aptitude and have LDIFs to change the root
>> password and suffix.
>
> You might consider preseeding those prior to installation, using
> debconf-set-selections(1). If you do want to reconfigure the suffix after
> installation, dpkg-reconfigure(8) is a safe way to do that.
>
> In particular, if you do this:
>
>> dn: olcDatabase={1}hdb,cn=config
>> changetype: modify
>> replace: olcSuffix
>> olcSuffix: dc=example,dc=com
>
> and start loading new data into the existing database without deleting the
> old files first, you risk running into
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546368 .
>
>> The olcAccess is the part that is not working as I expected. My LDIF
>> runs just fine changing the name, and domain suffix. Yet, after the
>> operation is complete, ldapsearch(1) starts returning errors. When the
>> suffix was nodomain [default left by the install] searches worked.
>
> Please provide an example ldapsearch(1) command and its output, and the
> access rules currently in use (as per ldapsearch/slapcat of cn=config). I
> don't see anything obviously wrong in what you posted.
>
>> olcAccess: {2}to * by self write by dn="cn=admin,dc=example,dc=com"
>> write by * read
>
> Consider the 'by self write' part of that carefully. You may not want
> users modifying their own uidNumber and gidNumber, for example. (Newer
> versions of the package stopped including 'by self write' in the default
> ACL because of that.)
>
> hope that helps,
> Ryan
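
Added example, not part of the original thread or of the slapd package: a small audit that reads cn=config LDIF (as produced by slapcat) and reports olcAccess rules that give `self` write access without an `attrs=` restriction, which is the concern raised above about 'by self write'. The sample LDIF is constructed around the rule quoted in the thread, the function names are hypothetical, and the ACL parsing is simplified.

```python
import re

# Constructed sample shaped like `slapcat -n 0` output; rule {2} is the one quoted in the thread.
SAMPLE_LDIF = """\
dn: olcDatabase={1}hdb,cn=config
olcSuffix: dc=example,dc=com
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou
 s auth by dn="cn=admin,dc=example,dc=com" write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by self write by dn="cn=admin,dc=example,dc=com"
  write by * read
"""

ACL_RE = re.compile(r"\{(\d+)\}to\s+(.*?)\s+by\s+(.*)$")

def unfold(ldif):
    """Undo LDIF line folding: a newline followed by one space continues the line."""
    return ldif.replace("\n ", "")

def parse_acl(value):
    """Split '{n}to <what> by <who> <access> ...' into (n, what, [(who, access)]).

    Simplified (assumption): each by-clause ends in an access level and no DN
    contains the word ' by '.
    """
    m = ACL_RE.match(value)
    if m is None:
        return None
    clauses = [tuple(part.rsplit(None, 1)) for part in re.split(r"\s+by\s+", m.group(3))]
    return int(m.group(1)), m.group(2), clauses

def broad_self_write(ldif):
    """Return (index, what) for rules where 'self' gets write/manage with no attrs= limit."""
    findings = []
    for line in unfold(ldif).splitlines():
        if not line.startswith("olcAccess: "):
            continue
        parsed = parse_acl(line[len("olcAccess: "):])
        if parsed is None:
            continue
        index, what, clauses = parsed
        if "attrs=" in what:
            continue  # scoped to named attributes, e.g. userPassword
        if any(c[0] == "self" and c[-1] in ("write", "manage") for c in clauses):
            findings.append((index, what))
    return findings

if __name__ == "__main__":
    for index, what in broad_self_write(SAMPLE_LDIF):
        print(f"rule {{{index}}}: 'to {what}' lets users write every attribute of their own entry")
```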
