Red Hat ENTERPRISE LINUX 4.5.0 Reference Manual page 267

so that it reflects a fully qualified domain name. For example:
suffix "dc=example,dc=com"
The entry is the Distinguished Name (DN) for a user who is unrestricted by access
rootdn
controls or administrative limit parameters set for operations on the LDAP directory. The
user can be thought of as the root user for the LDAP directory. In the configuration file, change
the line from its default value as in the following example:
rootdn
rootdn "cn=root,dc=example,dc=com"
When populating an LDAP directory over a network, change the
default value with an encrypted password string. To create an encrypted password string, type
the following command:
slappasswd
When prompted, type and then re-type a password. The program prints the resulting encrypted
password to the shell prompt.
Next, copy the newly created encrypted password into the
of the lines and remove the hash mark (
rootpw
When finished, the line should look similar to the following example:
rootpw {SSHA}vv2y+i6V6esazrIv70xSSnNAJE18bb2u
Warning
LDAP passwords, including the
/etc/openldap/slapd.conf
TLS encryption is enabled.
To enable TLS encryption, review the comments in
and refer to the man page for
For added security, the
directory by preceding it with a hash mark (
When using the
/usr/sbin/slapadd
use of the directive is not necessary.
rootpw
, are sent over the network unencrypted, unless
slapd.conf
directive should be commented out after populating the LDAP
rootpw
).
#
command line tool locally to populate the LDAP directory,
Editing
/etc/openldap/slapd.conf
rootpw
/etc/openldap/slapd.conf
).
#
directive specified in
rootpw
/etc/openldap/slapd.conf
.
rootdn
line — replacing the
on one
243