Hello Karl,

Thank you for your feedback, and for providing a patch.
I made a few adjustments to your text, and noted a couple of other things that tend to surprise new users.
I wonder if you have any feedback on this version (below). Thank you, Ryan -- diff --git a/debian/slapd.README.Debian b/debian/slapd.README.Debian index a5e307f24..3afd57ca9 100644 --- a/debian/slapd.README.Debian +++ b/debian/slapd.README.Debian 
@@ -11,7 +11,39 @@ Notes about Debian's slapd package the OpenLDAP Admin Guide for more information, including configuration examples for common use cases. <http://www.openldap.org/doc/admin24/> -The OpenLDAP configuration +Initial slapd configuration + + Upon installation, the slapd package initializes the configuration + database (cn=config) and creates an initial database with its suffix + derived from the DNS domain configured in debconf (e.g. + dc=example,dc=com). An administrative identity (cn=admin,<suffix>) is + created to manage this database, using the password configured in + debconf, or a randomly generated password if none was set. + + If desired, the configuration and database can be re-configured by + running, as root: + + dpkg-reconfigure slapd + + Note that this command will completely reset the configuration and + data (saving a backup in /var/backups), restoring slapd to the default + initial state. + + The permissions for the configuration database (cn=config) and + directory database (dc=<domain>,dc=<tld>) are different. Upon + installation, the Unix root user is granted access to manage the slapd + configuration (cn=config database) and the directory administrator + (cn=admin,<suffix>) is granted access to manage the directory + (dc=<domain>,dc=<tld> database). This is a Debian-specific default. + + The directory administrator's password is stored in two places: in the + olcRootPW attribute of the database configuration + (olcDatabase={1}mdb,cn=config) and in the userPassword attribute of + the administrator identity itself (cn=admin,<suffix>). If the password + needs to be changed, both of those should be updated, using + ldapmodify(1) and ldappasswd(1) respectively. + +Maintaining the slapd configuration Since version 2.4.23-3 the configuration of OpenLDAP has been changed to /etc/ldap/slapd.d by default. The OpenLDAP packages in Debian provide an
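Review bot: In the last added paragraph, on olcRootPW and userPassword, "both of those should be updated" does not say what happens if only one copy is changed. State the consequence explicitly, since a reader rotating the administrator password needs to know whether the old value can still authenticate through the copy left behind. The same paragraph names olcDatabase={1}mdb,cn=config as if it were fixed; a short remark that the index and backend name describe the default initial database would keep readers from modifying the wrong entry on a system that has been changed. In the permissions paragraph, "the Unix root user is granted access to manage the slapd configuration" gives no indication of how root exercises that access, so one example invocation there would address the surprise this section is meant to prevent. As a style point, the added text refers to the same suffix as "dc=example,dc=com", "<suffix>" and "dc=<domain>,dc=<tld>"; the last form does not fit a DNS domain with more than two components, so using "<suffix>" throughout after the first example would be clearer.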