The root (and the rootdn)


First we have to tell our OpenLDAP server what "root suffix" we want to serve. The "root suffix" is something like the domain name in DNS/NIS or the realm in Kerberos. We usually use the same name, redflo.de here. The root suffix is set up in the slapd.conf file:

suffix "dc=redflo,dc=de"

What does "dc=" mean? The "dc" attribute is defined in /etc/openldap/schema/core.schema as 'domainComponent', so "dc=redflo,dc=de" is simply the domain name redflo.de split into its components.

We also add the rootdn:

rootdn "cn=Manager,dc=redflo,dc=de"

where "cn" means "commonName" and rootdn means "root distinguished name". What the hell is a rootdn? Simple. It's the "root" user of your LDAP server. Even if we limit access to entries in our "domain" later, the rootdn is not subject to those access controls and can read or modify everything! It's grotesque, but for now we put a cleartext password for the rootdn in the slapd.conf file:

rootpw secret

We will change it later.