Donald's picture

The defaut is 500. I would like to change it to 1000.



Jeremy Davis's picture

I'm not very familiar with OpenLDAP, so TBH I have no idea off the top of my head. But a quick google turned up this answer on ServerFault. It looks like a pretty reasonable suggestion to me...

Hope that helps.

Donald's picture

I saw that earlier. There is no slapd.conf file any more. The parameters are kept in cn=config, but I cannot figure out how to access that DN. That's my problem.

THanks for the reply.


Jeremy Davis's picture

I do see that there are a ton of slapd related man pages in /usr/share/man/man5/ so perhaps that might be worth a read?

We do have a community member who has lots of experience with OpenLDAP, so I'll try reaching out to him and see if he has any ideas and can help out.

If you beat me to it, please post back as I'm sure others would benefit from it.

Donald's picture

I looked at those. I think I know how to do it if I can access the cn=config "tree".

What I really want to do is to turn off secure authentication completely. I have some tests that exercise our home grown Ldap code. The  searches all work against the Turnkey appliance, but the add/modify/delete tests all fail with Ldap error 8 - Secure authentication required.

All this testing is being done on an inhouse environment so I am not worried about security. I just want simple authentication to be all that is required.

Googling has not helped so far. Thanks for the reply.

Quanah's picture

If the openldap installation follows normal Debian procedures, then all you need to do to access cn=config is run your commands as the root user, over the ldapi socket, using SASL/EXTERNAL.   For example: ldapsearch -Y EXTERNAL -b cn=config -H ldapi:///   Hope that helps!
Jeremy Davis's picture

You are a legend my firend! :)

@Donald - Hopefully that will do it for you!

And if not, please let us know and we should evaluate our default OpenLDAP config. If it doesn't match what Quanah noted, we should bring it back inline (unless of course there is a really good rationale - in which case we should document how this ends can be achieved).

Add new comment