====== Tips & Tricks: OpenLDAP with cn=config ======

===== Giving root access to the slapd configuration =====

''~/.ldaprc'' for root:

  URI ldapi:///
  BASE cn=config
  SASL_MECH EXTERNAL

==== Server configuration overview ====

  ldapsearch -LLL dn

==== Reading the schema ====

  ldapsearch -b cn=schema,cn=config -LLL dn

==== Which directories/trees are included ====

  ldapsearch -LLL '(olcSuffix=*)' olcSuffix

==== Configuration overview of the first (data) tree ====

  ldapsearch -b 'olcDatabase={1}mdb,cn=config' -LLL

===== LDAP ACL =====

==== Reading ====

  ldapsearch -LL -b olcDatabase={1}mdb,cn=config olcAccess

==== Editing ====

''olcAccess.ldif'' (''replace'' overwrites all existing ''olcAccess'' values of this database, so the file must contain the complete rule set):

  dn: olcDatabase={1}mdb,cn=config
  changetype: modify
  replace: olcAccess
  olcAccess: {0}to attrs=userPassword by self write by dn="cn=admin,dc=example,dc=org" write by anonymous auth by * none
  olcAccess: {1}to attrs=shadowLastChange by self write by dn="cn=admin,dc=example,dc=org" write by * read
  olcAccess: {2}to * by dn="cn=admin,dc=example,dc=org" write by * read

Apply the change:

  ldapmodify -f olcAccess.ldif

===== Editing the configuration =====

  ldapvi -Y EXTERNAL -b 'olcDatabase={1}mdb,cn=config'
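
Added example (not part of the original page and not OpenLDAP code) for the three ''olcAccess'' rules in the LDAP ACL section: a simplified model of slapd's first-match evaluation, showing why the ''{n}'' order matters. It handles only the ''attrs='', ''*'', ''self'', ''anonymous'', ''users'' and exact ''dn='' forms; ''MISORDERED_ACL'' is a constructed counter-example.

```python
import re
import shlex

LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
ADMIN = 'dn="cn=admin,dc=example,dc=org"'
# The three olcAccess values from the LDIF on this page.
PAGE_ACL = [
    "{0}to attrs=userPassword by self write by " + ADMIN + " write by anonymous auth by * none",
    "{1}to attrs=shadowLastChange by self write by " + ADMIN + " write by * read",
    "{2}to * by " + ADMIN + " write by * read",
]
# Constructed counter-example: same rules, catch-all renumbered to {0}.
MISORDERED_ACL = ["{%d}%s" % (i, PAGE_ACL[j][3:]) for i, j in enumerate([2, 0, 1])]

def parse(values):
    """Return [(what, [(who, level), ...]), ...] ordered by the {n} index."""
    rules = []
    for value in values:
        index, body = re.match(r"\{(\d+)\}to\s+(.*)", value).groups()
        what, *by_clauses = re.split(r"\s+by\s+", body)
        rules.append((int(index), what, [tuple(shlex.split(c)) for c in by_clauses]))
    return [(what, pairs) for _, what, pairs in sorted(rules, key=lambda r: r[0])]

def what_matches(what, attr):
    listed = what.startswith("attrs=") and attr.lower() in what[6:].lower().split(",")
    return what == "*" or listed

def who_matches(who, bind_dn, entry_dn):
    if who == "*":
        return True
    if who in ("anonymous", "users"):
        return (bind_dn is None) == (who == "anonymous")
    if bind_dn is None:
        return False
    if who == "self":
        return bind_dn.lower() == entry_dn.lower()
    return who.startswith("dn=") and who[3:].lower() == bind_dn.lower()

def effective_access(values, bind_dn, entry_dn, attr):
    """First matching 'to' rule decides; inside it, the first matching 'by' clause."""
    for what, pairs in parse(values):
        if what_matches(what, attr):
            for who, level in pairs:
                if who_matches(who, bind_dn, entry_dn):
                    return level
            return "none"  # implicit trailing "by * none"
    return "none"  # ACLs exist but no rule matched: denied

def can_read(values, bind_dn, entry_dn, attr):
    return LEVELS.index(effective_access(values, bind_dn, entry_dn, attr)) >= LEVELS.index("read")
```

With the page's order an anonymous bind gets only ''auth'' on ''userPassword''; with the catch-all first it gets ''read''. On a real server, OpenLDAP's ''slapacl'' tool evaluates the actual rules.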