Re: Modify cn=config
- To: Dan White <dwhite@olp.net>
- Subject: Re: Modify cn=config
- From: Clément OUDOT <clem.oudot@gmail.com>
- Date: Wed, 28 Nov 2012 09:39:15 +0100
- Cc: "Rob \"Bubba\" Hines" <rob@hines57.com>, openldap-technical@openldap.org
- In-reply-to: <20121127175924.GI6509@dan.olp.net>
- References: <50B4E257.4050404@hines57.com> <20121127175924.GI6509@dan.olp.net>
2012/11/27 Dan White <dwhite@olp.net>:
> On 11/27/12 10:55 -0500, Rob "Bubba" Hines wrote:
>>
>> It's been a while since I touched LDAP, so I'm new to the latest
>> configuration changes. Admittedly, I find it aggravating that I can't simply
>> shut down the LDAP server and modify the configuration, and start it back up.
>>
>> Regardless, my intern stuck the wrong paths in for the TLSCerts, ldap will
>> not start up now ... I need to modify cn=config with the correct paths, but
>> I can't figure out how to get slap* to do it. It hates my ldif, and I just
>> want a simple way to change those three paths. I assume that somewhere in
>> the arcane knowledge that is LDAP, there is a simple solution. But my Google
>> FU has failed me, tho it has served up numerous threads that talk around the
>> problem without providing a solution (or the solution provided was simply
>> 'use slapadd' with no direction on how to 'use slapadd').
>>
>> Here is the latest ldif I've attempted to use (to no avail) with slapadd:
>> dn: cn=config
>> objectClass: olcGlobal
>> cn: config
>> olcTLSCACertificateFile: /etc/ldap/tls/cacert.pem
>> olcTLSCertificateFile: /etc/ldap/tls/slapd.d/slapd_cert.pem
>> olcTLSCertificateKeyFile: /etc/ldap/tls/slapd.d/slapd_key.pem
>>
>> I assume I just don't know how to write a correct LDIF. But I would
>> appreciate any help in modifying cn=config with the server down.
>
>
> The following uses the slapcat/slapadd method to modify your config (in the
> case where slapd is not running). Adjust your paths and permissions
> accordingly:
>
> cd /etc/ldap
> cp -a slapd.d/ /var/backups/slapd.d-pre-tls-change
> mv slapd.d slapd.d.old
> mkdir slapd.d
> chown openldap:openldap slapd.d
> chmod 755 slapd.d
> slapcat -n0 -F /etc/ldap/slapd.d.old/ > /tmp/config-in-portable-format.ldif
> <edit the ldif>
> slapadd -n0 -F /etc/ldap/slapd.d -l /tmp/config-in-portable-format.ldif
Hi,
I wrote a little OpenLDAP init script that provides 'backupconfig' and
'restoreconfig' actions. You can find it here:
http://ltb-project.org/wiki/documentation/openldap-initscript
It can also back up/restore the data.
Hope it helps,
Clément.
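
The `<edit the ldif>` step of the quoted slapcat/slapadd procedure, as an added example that is not part of the original thread: a hypothetical helper, set_config_tls_paths, rewrites the three olcTLS* paths in the cn=config entry of a `slapcat -n0` dump and drops the old values, including folded continuation lines. The sample LDIF is constructed; the replacement paths are the ones from the LDIF quoted above.

```shell
#!/bin/sh
# Added example: set_config_tls_paths IN OUT CA_FILE CERT_FILE KEY_FILE
# (hypothetical helper; assumes the paths contain no backslashes)
set_config_tls_paths() {
    # The config dump can hold olcRootPW values, so keep the output private.
    ( umask 077
      awk -v ca="$3" -v cert="$4" -v key="$5" '
        # Emit the corrected attributes once, at the end of the cn=config entry.
        function finish_entry() {
            if (in_cfg) {
                print "olcTLSCACertificateFile: " ca
                print "olcTLSCertificateFile: " cert
                print "olcTLSCertificateKeyFile: " key
            }
            in_cfg = 0
        }
        /^$/ { finish_entry(); skip = 0; print; next }  # blank line ends an entry
        /^ / { if (!skip) print; next }                 # folded continuation line
        { skip = 0 }
        tolower($0) ~ /^dn: *cn=config$/ { in_cfg = 1 }
        in_cfg && tolower($0) ~ /^olctls(cacertificate|certificate|certificatekey)file:/ {
            skip = 1; next                              # drop the old value
        }
        { print }
        END { finish_entry() }
      ' "$1" > "$2" )
}

# Constructed sample input (not from a real server), then one run of the helper.
work=$(mktemp -d)
cat > "$work/in.ldif" <<'EOF'
dn: cn=config
objectClass: olcGlobal
cn: config
olcTLSCACertificateFile: /wrong/path/that/is/long/enough/to/be/folded/by/sla
 pcat/cacert.pem
olcTLSCertificateFile: /wrong/cert.pem
olcTLSCertificateKeyFile: /wrong/key.pem

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
EOF
set_config_tls_paths "$work/in.ldif" "$work/out.ldif" \
    /etc/ldap/tls/cacert.pem \
    /etc/ldap/tls/slapd.d/slapd_cert.pem \
    /etc/ldap/tls/slapd.d/slapd_key.pem
cat "$work/out.ldif"
```

The output file is what `slapadd -n0 -l` would then load in the quoted procedure; entries other than cn=config pass through unchanged.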