
Re: Securing cn=config and allowing micro-engineering



--On Thursday, October 20, 2011 6:36 PM +0300 Nick Milas <nick@eurobjects.com> wrote:

>> Manually editing slapd.d files is the surest way of causing a problem
>> that prevents slapd from restarting.
>
> OK, understood!
>
>> Obvious approach:
>>   slapcat -n0 -F old/slapd.d > config.ldif
>>   edit config.ldif
>>   slapadd -n0 -F new/slapd.d -l config.ldif
>>   test using new/slapd.d
>>   deploy...
>
> OK, I see. Valuable info.

I would note that OpenLDAP 2.5 (when released) adds a "slapmodify" command per my request. It allows you to do offline modifications of cn=config in a way similar to ldapmodify. This will also keep the CRC checksum intact.

--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration
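
Added example, not part of the original message and not OpenLDAP code: a small Python checker that flags slapd.d files whose stored CRC no longer matches their contents, which is the usual trace of the manual editing warned about above. It assumes each file starts with an "# AUTO-GENERATED FILE" comment line followed by a "# CRC32 <8 hex digits>" line, and that the value is a standard CRC-32 over everything after those two lines; `check_ldif`, `scan` and `make_sample` are names chosen here, and the sample data is constructed.

```python
import re
import sys
import zlib
from pathlib import Path

# Assumed header layout of a slapd.d file (see lead-in):
#   line 1: "# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify."
#   line 2: "# CRC32 <8 hex digits>"
HEADER = b"# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.\n"
CRC_LINE = re.compile(rb"^# CRC32 ([0-9a-fA-F]{8})$")


def check_ldif(data: bytes) -> str:
    """Return 'ok', 'mismatch' or 'no-header' for one file's raw bytes."""
    parts = data.split(b"\n", 2)
    if len(parts) < 3 or not parts[0].startswith(b"# AUTO-GENERATED FILE"):
        return "no-header"
    match = CRC_LINE.match(parts[1])
    if not match:
        return "no-header"
    stored = int(match.group(1), 16)
    # The checksum is taken over the entry body only, not the two header lines.
    actual = zlib.crc32(parts[2]) & 0xFFFFFFFF
    return "ok" if stored == actual else "mismatch"


def scan(config_dir: str) -> dict:
    """Map every *.ldif file under config_dir to its check result."""
    root = Path(config_dir)
    return {
        str(path.relative_to(root)): check_ldif(path.read_bytes())
        for path in sorted(root.rglob("*.ldif"))
    }


def make_sample(body: bytes) -> bytes:
    """Build a constructed sample file whose header matches its body."""
    crc = zlib.crc32(body) & 0xFFFFFFFF
    return HEADER + b"# CRC32 %08x\n" % crc + body


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "slapd.d"
    results = scan(target)
    for name, status in results.items():
        print(f"{status:10} {name}")
    # Non-zero exit when any file looks hand-edited, for use in a pre-deploy check.
    sys.exit(1 if "mismatch" in results.values() else 0)
```

Run it against the rebuilt `new/slapd.d` before deploying; a file reported as `mismatch` was changed after slapd or slapadd last wrote it.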