If you want to modify your LDAP configuration, you might want to use ldapvi, as shown below:
--- Login
Type M-h for help on key bindings.
Filter or DN: cn=admin,cn=config
Password:
ldap_bind: Invalid credentials (49)
It asks you for a password. You have no clue what the password was? You might be tempted to follow this advice: http://serverfault.com/questions/377762/user-not-found-for-cn-config-in-openldap and modify the config.ldif file manually… But that is not the right thing to do. If you do so, you will likely get the following error message:
So how should I add this line? To get the SSHA hash for the new password, run:
Let's say the output is: {SSHA}zlj44XAKxSyO7OT78PEwxpr3gVYIep0q
Create an ldif file with the following content:
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}zlj44XAKxSyO7OT78PEwxpr3gVYIep0q
and now run
After changing the password you can now run:
Now you ask: so what? Well, I didn’t look at my ldap server for a while, but recently I noticed the following log messages:
bdb_equality_candidates: (gidNumber) not indexed
bdb_equality_candidates: (sambaSIDList) not indexed
bdb_equality_candidates: (sambaSID) not indexed
I wanted to add indexes. How would I do this? Run the ldapvi command mentioned above, or create an ldif file, for the record “olcDatabase={1}hdb,cn=config” and add the following entries to it:
olcDbIndex: gidNumber eq
olcDbIndex: sambaSIDList eq
olcDbIndex: sambaSID eq
olcDbIndex: sambaGroupType eq
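This can be represented as the following ldif. Because replace: overwrites every existing olcDbIndex value, the list contains the indexes that were already present together with the new ones:
dn: olcDatabase={1}hdb,cn=config
changetype: modify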
replace: olcDbIndex
olcDbIndex: cn eq
olcDbIndex: dc eq
olcDbIndex: entryCSN eq
olcDbIndex: entryUUID eq
olcDbIndex: gidNumber eq
olcDbIndex: objectClass eq
olcDbIndex: ou eq
olcDbIndex: sambaSID eq
olcDbIndex: sambaSIDList eq
olcDbIndex: uid eq
olcDbIndex: uniqueMember eq
olcDbIndex: sambaGroupType eq
awesome! i’ve been looking for the first part since ages. thanks mate! 🙂