--On Tuesday, February 7, 2023 10:55 AM -0500 Matthew Goebel <[email protected]> wrote:

dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcDbMaxSize: 1073741824
olcSuffix: dc=my-domain,dc=com
olcRootDN: cn=Manager,dc=my-domain,dc=com
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd-config(5) for details.
# Use of strong authentication encouraged.
olcRootPW: PASSWORDNOTHERE
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
olcDbDirectory: /usr/local/var/openldap-data
# Indices to maintain
olcDbIndex: objectClass eq


You should likely delete the above database definition, unless you really have a "dc=my-domain,dc=com" that you're serving. This just looks like the default one that's created by RH as an example. Note that this db doesn't allow any access either. ;)




dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: ou=people,o=emich.edu
olcAccess: {0}to attrs=userPassword by self write by * auth

This should most likely be "by self write by anonymous auth by * none"

olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to attrs=userPKCS12 by self read by * none
olcAccess: {3}to * by * read


I'm curious what your ACL definitions were for your 2.4 config (all ACLs including global).




# olcDbConfig: {0}set_cachesize 0 15000000 1
# olcDbConfig: {1}set_lg_regionmax 262144
# olcDbConfig: {2}set_lg_bsize 2097152
# olcDbConfig: {3}set_flags DB_LOG_AUTOREMOVE
# olcDbConfig: {4}set_lk_max_locks 30000
# olcDbConfig: {5}set_lk_max_objects 30000


Delete the above 'olcDbConfig' lines. Those were for back-bdb/hdb which doesn't exist in 2.5+
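
An added example, not part of the original message and not OpenLDAP project code: a small Python check that scans a cn=config LDIF for the two points raised in the reply above, a userPassword rule whose `by *` clause grants anything other than `none`, and leftover `olcDbConfig` lines on an mdb database. The sample LDIF is constructed from lines quoted in this thread; the `audit` function and its finding labels are hypothetical, and it assumes simple `by <who> <level>` clauses with no spaces inside `<who>`.

```python
import re

# Constructed sample, assembled from the lines quoted in this thread.
WEAK = """\
dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcSuffix: ou=people,o=emich.edu
olcAccess: {0}to attrs=userPassword by self write by * auth
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {3}to * by * read
# olcDbConfig: {0}set_cachesize 0 15000000 1
"""
# Same entry with the reply's suggested ACL and the back-bdb/hdb line removed.
FIXED = WEAK.replace("by self write by * auth",
                     "by self write by anonymous auth by * none") \
            .replace("# olcDbConfig: {0}set_cachesize 0 15000000 1\n", "")

def audit(ldif):
    """Return a list of (dn, finding, offending line) tuples."""
    findings = []
    text = ldif.replace("\n ", "")            # unfold LDIF continuation lines
    for block in re.split(r"\n\n+", text.strip()):
        lines = block.splitlines()
        dn = next((l[3:].strip() for l in lines if l.lower().startswith("dn:")), "?")
        is_mdb = any(re.match(r"objectClass:\s*olcMdbConfig\s*$", l, re.I) for l in lines)
        for l in lines:
            # back-bdb/hdb tuning has no meaning for mdb, active or commented out
            if is_mdb and re.match(r"#?\s*olcDbConfig:", l, re.I):
                findings.append((dn, "bdb-leftover", l))
            m = re.match(r"olcAccess:\s*(?:\{\d+\})?\s*to\s+(.*)", l, re.I)
            if not m:
                continue
            what, *clauses = re.split(r"\s+by\s+", m.group(1))
            attrs = re.search(r"attrs=(\S+)", what)
            if not attrs or "userpassword" not in attrs.group(1).lower().split(","):
                continue
            for clause in clauses:
                who, _, level = clause.partition(" ")
                # the reply's form ends the rule with "by * none"
                if who == "*" and level.split()[:1] != ["none"]:
                    findings.append((dn, "userPassword-wildcard", l))
    return findings

if __name__ == "__main__":
    for dn, kind, line in audit(WEAK):
        print(f"{dn}: {kind}: {line}")
```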
