[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: LDAP browsers and cn=config
----- "Gervase Markham" <gerv@mozilla.org> wrote:
> On 07/03/11 21:33, Howard Chu wrote:
> > Gervase Markham wrote:
> >> On 07/03/11 17:49, Gervase Markham wrote:
> >>> oldRootDN: cn=admin,cn=config
> >> ----^
> >>
> >> And that would be the problem :-|
> >>
> >> Thank you for your help.<shuffles feet in an embarrassed fashion>
> >
> > cn=config is an LDAP database, it is not a collection of files for
> you
> > to edit by hand.
>
> Although presumably if you manage to mess up your configuration
> enough,
> that's what you have to do.
But, how did you mess it up so bad in the first place?
I've seen "you can edit the files by hand
> if
> it all goes wrong" used as an argument for using the LDIF backend for
>
> cn=config in the archives of this very mailing list, if I'm not
> mistaken.
>
> > You are supposed to use ldapmodify on it, for reasons
> > of this very nature. I.e., ldapmodify gets syntax-checked and
> stupid
> > typos of this sort get caught.
>
> But being able to edit the database is precisely the problem I had!
> It's
> rather chicken and egg.
>
> > If you had used "ldapmodify -H ldapi:/// -Y EXTERNAL" to add the
> desired
> > attributes you wouldn't have these silly problems.
>
> Yes, of course - because Real Men use commands with a minimum of 4
> command-line flags to do any operation, and if I'm not up to that, I
> can't possibly be worthy to use OpenLDAP.
echo -e "URI ldapi:///\nSASL_MECH EXTERNAL" >> ~/.ldaprc
Then you won't have to use 4 commandline flags in future.
> > If your LDAP browsers don't support ldapi:/// that's their
> deficiency...
>
> I don't even know what the "i" in ldapi is, or how it's different from
>
> ldap://. And this search of the OpenLDAP documentation is sadly
> unenlightening:
>
> http://www.google.co.uk/search?hl=en&q=ldapi%20site%3Aopenldap.org/doc
>
> Can you tell me which LDAP browsers do support this scheme? After all,
>
> the other part of my message was asking for advice on which was best.
>
>
> There are two ways you, the development team, can think about
> OpenLDAP:
Which development team shipped your config, and set you up with config editing using ldapi, but didn't think it was a good idea to populate root's .ldaprc ?
Probably not the OpenLDAP team.
Regards,
Buchan