

Utils

cn=config

Historically, OpenLDAP was configured statically: to change the configuration you edited slapd.conf and then stopped and restarted slapd. For large deployments the restart could take a considerable time, and this had become increasingly unacceptable as an operational method.

Typically in your OpenLDAP installation you have at least two trees:

  • One is the DIT (“data information tree”), where you enter your own nodes
    • access by “cn=admin,dc=example,dc=org”
    • default password “admin”
  • The other is cn=config, where the configuration information lives; it can be manipulated with the same LDAP commands, since it is itself set up as a DIT.
    • access by “cn=admin,cn=config”
    • default password “config”

$ ldapsearch -x -W -LLL -s base -D 'cn=admin,cn=config' -b 'cn=config' dn
Enter LDAP Password: 
dn: cn=config
$ ldapsearch -x -W -LLL -D 'cn=admin,cn=config' -b 'cn=config' dn
Enter LDAP Password: 
...
dn: olcDatabase={1}mdb,cn=config
...
$ ldapsearch -x -W -LLL -D 'cn=admin,cn=config' -b 'cn=config' 'olcDatabase={1}mdb'
Enter LDAP Password: 
dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=example,dc=org
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by dn="cn=admin,dc=example,dc=org" write by anonymous auth by * none
olcAccess: {1}to * by self read by dn="cn=admin,dc=example,dc=org" write by * none
olcLastMod: TRUE
olcRootDN: cn=admin,dc=example,dc=org
olcRootPW: {SSHA}abcdef...
olcDbCheckpoint: 512 30
olcDbIndex: uid eq
olcDbIndex: mail eq
olcDbIndex: memberOf eq
olcDbIndex: entryCSN eq
olcDbIndex: entryUUID eq
olcDbIndex: objectClass eq
olcDbMaxSize: 1073741824
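The point of cn=config is that the entry above can be changed with an ordinary ldapmodify, without restarting slapd, and that its olcAccess lines can be reviewed like any other attribute. The script below is an added example and not part of the original page; it assumes a server at ldap://localhost (override with CONFIG_URI), the cn=admin,cn=config manager shown above, and olcAccess values on single, unwrapped lines (pass `-o ldif-wrap=no` to ldapsearch, otherwise long values are folded onto continuation lines). `index_ldif` builds the LDIF for adding an equality index to the {1}mdb database, `config_apply` pushes an LDIF to cn=config, and `acl_writers` lists, for each olcAccess clause, every identity granted write access, which is the first thing to check when reviewing an ACL such as the userPassword rule above.

```shell
#!/bin/sh
# Added example, not from the original page. Assumptions: an OpenLDAP server
# at $CONFIG_URI and the cn=admin,cn=config manager from the page.
CONFIG_URI="${CONFIG_URI:-ldap://localhost}"
CONFIG_DN="${CONFIG_DN:-cn=admin,cn=config}"

# Emit an LDIF adding an equality index for one attribute to a database entry.
#   $1 = database DN under cn=config, e.g. olcDatabase={1}mdb,cn=config
#   $2 = attribute name, e.g. cn
index_ldif() {
    printf 'dn: %s\nchangetype: modify\nadd: olcDbIndex\nolcDbIndex: %s eq\n' "$1" "$2"
}

# Apply an LDIF from stdin to cn=config. The change is live immediately; no
# slapd restart is needed. Prompts for the cn=config password.
#   index_ldif 'olcDatabase={1}mdb,cn=config' cn | config_apply
config_apply() {
    ldapmodify -x -W -H "$CONFIG_URI" -D "$CONFIG_DN"
}

# Review helper: read olcAccess lines (as printed by ldapsearch -o ldif-wrap=no)
# on stdin and print, per clause, the <what> and every <who> granted "write".
# Only the plain "write" level is recognised, not privilege forms like =w.
acl_writers() {
    sed -n 's/^olcAccess: *{[0-9]*}//p' | awk '
    {
        what = $0
        sub(/ +by .*/, "", what)                 # everything before the first "by"
        n = split($0, parts, / +by +/)           # parts[2..n] are the "by" clauses
        writers = ""
        for (i = 2; i <= n; i++) {
            if (parts[i] ~ /(^| )write *$/) {    # last token is the access level
                who = parts[i]
                sub(/ +write *$/, "", who)
                writers = writers (writers == "" ? "" : ", ") who
            }
        }
        print what " => " (writers == "" ? "(nobody)" : writers)
    }'
}

# Typical review run against a live server (not executed here):
#   ldapsearch -x -W -LLL -o ldif-wrap=no -D "$CONFIG_DN" -H "$CONFIG_URI" \
#       -b 'olcDatabase={1}mdb,cn=config' olcAccess | acl_writers
```

Run against the ACLs shown on this page, `acl_writers` reports that only `self` and `cn=admin,dc=example,dc=org` can write userPassword and shadowLastChange, and that only the admin DN can write anything else; `anonymous auth` grants bind-only access to the password attribute, which is the intended minimum.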