I am very new to LDAP configuration. So I hope somebody can help me. I just installed an OpenLDAP server on an Ubuntu 10.4 system. My LDAP installation does not use/have any ldap.conf or slapd.conf files.

Currently it is possible to read all LDAP entries as an anonymous user; I would like to prohibit that.

I googled a lot and I found only articles that described how I can deactivate anonymous access with entries in the ldap.conf or slapd.conf. But my installation does not have these files for some reason. When I create those files, add the described lines and restart the ldap server, it has no effect.

Scott Pack

1 Answer

You need to connect to the cn=config DIT with an LDAP client and set the security up that way. I don't think I've set up OpenLDAP under Ubuntu, but it may have prompted you for some administrative credentials. Use those.
If you don't have them, it's possible to reset the password. The whole configuration is stored as a series of directories and LDIF files under the OpenLDAP config directory. Inside the LDIF file that I believe is called cn=config.ldif there will be a line with a key of olcRootDN and another called olcRootPW. The root DN is your username and the root PW is the password. It's probably hashed, but you can temporarily set it to a plain text value. There is also an LDAP password tool that you can pass the correct command line options to, to give you the hashed & salted value to put in the file if you are very worried about having a plain text password even temporarily.

Sam Corder
  • Hi Sam, thanks a lot for your answer! With your help I now know how to set my configs right. And finally I managed to prohibit anonymous access to my LDAP! – Benjamin Groener Nov 18 '11 at 12:42
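
One way to make the cn=config change the answer describes, as an added example that is not part of the original thread. It uses the standard OpenLDAP attributes `olcDisallows` and `olcRequires`, and assumes root on the LDAP host can reach cn=config over `ldapi:///` with SASL EXTERNAL; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumption: run as root on the
# LDAP host, where slapd maps SASL EXTERNAL on ldapi:/// to a cn=config manager.

# Emit the LDIF that turns anonymous access off.
anon_lockdown_ldif() {
cat <<'EOF'
dn: cn=config
changetype: modify
add: olcDisallows
olcDisallows: bind_anon

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
add: olcRequires
olcRequires: authc
EOF
}

# Apply the change to the running server; no restart is needed with cn=config.
# Note: olcRequires on the frontend database applies to every database, so
# unauthenticated reads of the root DSE are refused as well.
apply_anon_lockdown() {
    anon_lockdown_ldif | ldapmodify -Q -Y EXTERNAL -H ldapi:///
}

# Audit a cn=config dump (LDIF on stdin): succeed only if both settings exist.
# Attribute names are matched case-insensitively.
audit_config_dump() {
    awk '
        { l = tolower($0) }
        l ~ /^olcdisallows:[ \t]*bind_anon[ \t]*$/ { d = 1 }
        l ~ /^olcrequires:[ \t]*authc[ \t]*$/      { r = 1 }
        END { exit !(d && r) }
    '
}

# Typical use (commented out so that sourcing this file changes nothing):
#   apply_anon_lockdown
#   ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config | audit_config_dump \
#       && echo "anonymous access disabled"
```
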