Re: cn=config example

[Buchan Milne <bgmilne@staff.telkomsa.net>]

On Friday 21 September 2007 06:07:47 Howard Chu wrote:
> Emmanuel Dreyfus wrote:
> > Aaron Richton <richton@nbcs.rutgers.edu> wrote:
> >> This is a concrete case of improvement: "slapd should not be silent on
> >> EACCES (or others)."
> >
> > Well, it's not silent: it sends an error to the logs.

Not if you run it in the foreground, e.g. -d config, or -d none.

> > The oddity here is that there are two functionalities blent into the
> > same program: the LDAP server and the slapd.conf to slapd.d converter.
> > Moreover, it seems the latter cannot be used without launching the
> > former.
>
> Use slaptest instead.

except that slaptest doesn't have a "run as another user" flag, and -u is 
already taken :-(.

At present, it seems that if you want to do the conversion while slapd is 
running, and for a slapd that runs as non-root, something like this is the 
best option:

# slapd -u ldap -g ldap -d none -h 
ldap://localhost:391/ -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d

As then
-The configuration will be converted
-slapd won't start up
-you will see any relevant errors
-all the files will be owned by the ldap user/group
-if it succeeds, a restart of slapd is all that is necessary to continue

Regards,
Buchan