# generate directory manager's password
{SSHA}xxxxxxxxxxxxxxxxxxxxxxxx
# specify the password generated above for "olcRootPW" section
dn: olcDatabase={1}monitor,cn=config
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
read by dn.base="cn=Manager,dc=foo,dc=bar" read by * none
dn: olcDatabase={2}mdb,cn=config
dn: olcDatabase={2}mdb,cn=config
olcRootDN: cn=Manager,dc=foo,dc=bar
dn: olcDatabase={2}mdb,cn=config
olcRootPW: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx
dn: olcDatabase={2}mdb,cn=config
olcAccess: {0}to attrs=userPassword,shadowLastChange by
dn="cn=Manager,dc=foo,dc=bar" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=foo,dc=bar" write by * read
#> ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifying entry "olcDatabase={1}monitor,cn=config"
modifying entry "olcDatabase={2}mdb,cn=config"
modifying entry "olcDatabase={2}mdb,cn=config"
modifying entry "olcDatabase={2}mdb,cn=config"
modifying entry "olcDatabase={2}mdb,cn=config"
objectclass: organization
dn: cn=Manager,dc=foo,dc=bar
objectClass: organizationalRole
description: Directory Manager
dn: ou=People,dc=foo,dc=bar
objectClass: organizationalUnit
dn: ou=Group,dc=foo,dc=bar
objectClass: organizationalUnit
#> ldapadd -x -D cn=Manager,dc=foo,dc=bar -W -f basedomain.ldif
Enter LDAP Password: # directory manager's password
adding new entry "dc=foo,dc=bar"
adding new entry "cn=Manager,dc=foo,dc=bar"
adding new entry "ou=People,dc=foo,dc=bar"
adding new entry "ou=Group,dc=foo,dc=bar"