slapd with cn=config - some suggestions

Mathias Gug mathiaz at
Tue Aug 26 02:31:07 UTC 2008


On Tue, Aug 26, 2008 at 02:51:25AM +0200, P. Kaluza wrote:
> On the Debian side of things, this migration is still being prepared. 
> One thing I am working currently on is a package shipping additional 
> common LDAP schemas, as well a a script to load these into slapd on 
> admin request.
> In the interest of brevity I'll just refer you to 
> and 
> for a design rationale.
> The script currently loads schemas into cn=config setups via slapadd, 
> doing this via an LDAP connection is planned for the future if I can 
> come up with a good infrastructure to authenticate this kind of connection.

Using slapadd is only safe when the slapd daemon is not running. This
use case is only found when the slapd package is being upgraded. So
supporting schema addition while slapd is running (via ldapadd) is
important. As for authentication, prompting for the administrator
credentials (dn & password) is the best option IMO.

Mathias Gug
Ubuntu Developer

More information about the ubuntu-server mailing list