No password set on install of slapd-2.4.18-0ubuntu1

On Fri, Oct 09, 2009 at 10:06:01AM -0000, Magne Rasmussen wrote:
> Public bug reported:
>
> Binary package hint: slapd
>
> 1) Ubuntu karmic (development branch) 9.10 (beta 1)
> 2) slapd_2.4.18-0ubuntu1_i386
> 3) During install or reconfigure, I expected to enter the LDAP directory admin password.
> 4) No password was asked for, so it is impossible to access the LDAP unless I manually add an 'olcRootPW' entry to /etc/ldap/slapd.d/cn=config/olcDatabase={0}config.ldif
>

A default DIT is no longer installed by the package:

openldap (2.4.17-1ubuntu3) karmic; urgency=low

   * Install a minimal slapd configuration instead of creating a default
     database with a default DIT:
     + Move openldap user home from /var/lib/ldap to /nonexistent.
     + Remove all code and templates dealing with the default database and DIT
       creation.
     + Add an Authz map from root user (UID=0) to cn=localroot,cn=config and
       grant all access to the latter in the cn=config database as well as the
       default backend configuration.
   * Add cn=localroot,cn=config authz mapping on upgrades.

 -- Mathias Gug <email address hidden> Tue, 11 Aug 2009 14:48:56 -0400

There isn't a default LDAP directory admin password anymore. Instead the
cn=config tree is accessible when connecting as root using the SASL
external mechanism under the ldapi connection.

Example:

  sudo ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config"

  status invalid

--
Mathias Gug
Ubuntu Developer http://www.ubuntu.com

From https://help.ubuntu.com/9.10/serverguide/C/openldap-server.html
"The installation process will prompt you for the LDAP directory admin password and confirmation."

The documentation in the Ubuntu Server Guide should be changed. What is the official method to ask that? Should this bug be linked to ubuntu-docs?

@Alvin: file a new bug against ubuntu-serverguide, the package which installs the Ubuntu Server Guide :)

Note that this bug is marked Invalid, so adding stuff to it will not get much accomplished.

Have a look here:
"openldap sections in ubuntu server guide not updated for packages in karmic"
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/463684

https://help.ubuntu.com/9.04/serverguide/C/openldap-server.html
This documentation is still outdated when it comes to installing it. The script does NOT request a password still?

Any updates as to when this document might be updated?

I would suggest making these docs. more "wiki-like" Then, volunteers who run into the issue and wish to update the docs on their own for the benefit of the community may do so and everyone is happy. There are already 20+ messages on this bug alone. These could have been turned into productive time by updating the docs.

More info. can be seen here:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/463684

Hi atom88,

Publishing documents on a wiki isn't always appropriate. While it may be easier for people to make corrections, there can also be a negative impact on quality control. As I am sure you will agree, quality control is particularly important for server documentation. The documentation team lacks the resources to maintain an editorial team for the wiki on the scale that would be required and so we keep the server guide as an "official" document.

We are always happy to review and accept patches, although we are limited by the need to go through the SRU process when we change documentation for stable releases (we can't just push changes immediately). If you are interested in contributing, please get in touch with us; details at https://wiki.ubuntu.com/DocumentationTeam and we'll be happy to help you get started.

Thanks Phil for the info. I'll look into becoming a contributor, etc.

I found this how-to that solved my problem:
http://www.howtoforge.com/install-and-configure-openldap-on-ubuntu-karmic-koala

Perhaps if we could add to the server docs. the relevant info. found here, it would be great?

Perhaps even a forum or comments link from the main documentation would be helpful? That way people could comment on the "official documentation" page, without modifying the original content? Just an idea?