+++ This bug was initially created as a clone of Bug #712494 +++

Description of problem:
OpenLDAP server uses its own LDAP database to keep server configuration (cn=config subtree). The configuration is physically stored in /etc/openldap/slapd.d. Although the configuration is in plain text files in LDIF format, upstream strongly discourages editing the files manually in a text editor. The preferred way is to use regular LDAP commands to change the configuration.

After a fresh OpenLDAP server installation, no ACLs are set for the cn=config database. This means that the only way to change the configuration is manual editing.

The following changes should be performed in the OpenLDAP default configuration:
1.) enable server slapi:/// interface (IPC socket) (SLAPD_LDAPI=yes in /etc/sysconfig/ldap)
2.) grant management ACLs for cn=config database to user root authenticated using external SASL mechanism available for IPC socket interface (the user is mapped to gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth)

This will allow working with the server configuration using LDAP commands, which should be safer:
ldapadd -H ldapi:/// -Y EXTERNAL ...

Version-Release number of selected component (if applicable):
openldap-2.4.23-15.el6
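An added example, not part of the original report or of the OpenLDAP packaging: a shell check that the two defaults requested in the description are in place, run here against constructed sample files. The function names and the files passed to them are assumptions; the `olcAccess` value follows standard slapd ACL syntax and is folded to show why LDIF continuation lines must be joined before matching.

```shell
#!/bin/sh
# Added example: audit the two defaults requested in the report (hypothetical helper names).

# Join LDIF continuation lines: a line starting with one space continues the previous line.
unfold_ldif() {
    awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
         NR > 1 { print buf }
         { buf = $0 }
         END { if (NR) print buf }' "$1"
}

# Succeeds if an olcAccess value grants "manage" to the root peercred identity.
has_root_manage_acl() {
    unfold_ldif "$1" | grep '^olcAccess:' |
        grep -Eq 'by dn(\.(base|exact))?="gidNumber=0\+uidNumber=0,cn=peercred,cn=external,cn=auth" manage'
}

# Succeeds if the sysconfig file enables the IPC socket listener.
ldapi_enabled() {
    grep -Eq '^[[:space:]]*SLAPD_LDAPI="?yes"?[[:space:]]*$' "$1"
}

# $1 = sysconfig file, $2 = LDIF file holding the cn=config database entry.
audit_cn_config() {
    rc=0
    ldapi_enabled "$1" || { echo "FAIL: SLAPD_LDAPI=yes not set in $1"; rc=1; }
    has_root_manage_acl "$2" || { echo "FAIL: no manage ACL for root peercred in $2"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: cn=config is manageable over ldapi:/// with -Y EXTERNAL"
    return "$rc"
}

# Constructed sample inputs; the olcAccess value is folded across two lines.
make_samples() {
    printf 'SLAPD_LDAPI=yes\n' > "$1/ldap"
    cat > "$1/config.ldif" <<'EOF'
dn: olcDatabase={0}config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=exter
 nal,cn=auth" manage by * none
EOF
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit_cn_config "$demo_dir/ldap" "$demo_dir/config.ldif"
rm -rf "$demo_dir"
```

On a real host the arguments would be /etc/sysconfig/ldap and the config database file under /etc/openldap/slapd.d; the trailing `by * none` in the sample keeps every other identity out of cn=config.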
Resolved in openldap-2.4.25-1.fc16
*** Bug 750082 has been marked as a duplicate of this bug. ***