> Quanah Gibson-Mount wrote:
>> --On Thursday, April 18, 2013 7:18 AM -0300 Diego Woitasen <diego@woitasen.com.ar> wrote:
>>> I know that I could remove it from the filesystem, but I wouldn't.
>>
>> You can use slapcat -n 0 to export your cn=config database to LDIF. Modify the LDIF for cn=config to no longer reference back-shell, and then reload your cn=config DB using slapadd -n 0.
>
> IIRC the official OpenLDAP developer statement about this approach was up to now: Don't do that!

No, using slapcat/slapadd has been the only supported method. The "Don't Do That" is manually editing the files under cn=config.

>> Personally I'd like to see some sort of offline mode for slapd that allows you to purely edit cn=config over ldapi:/// where slapd only accepts connections from the rootdn, and will only respond to queries against the cn=config DIT.
>
> Well, the ldapi:/// thing already works. Only for default builds deleting something from cn=config does not work at all.

Incorrect. By default ldapi:/// would allow any client connecting over ldapi:/// to query any part of the DIT. And I have a number of such clients. Please re-read my description.

--Quanah

--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
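
The slapcat/slapadd procedure described in this thread, sketched as an added shell example that is not part of any poster's message or of OpenLDAP itself. The `CONFDIR` path, the function names and the sample LDIF are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. CONFDIR is an assumed path.
CONFDIR="${CONFDIR:-/etc/openldap/slapd.d}"

# Filter LDIF on stdin: drop each entry at or below a back-shell database
# and the olcModuleLoad value that loads the back_shell module.
strip_back_shell() {
    awk 'BEGIN { RS = ""; ORS = "\n\n" }
    {
        gsub(/\n /, "")    # unfold wrapped LDIF lines
        if ($0 ~ /(^|\n)dn: [^\n]*olcDatabase=[{][0-9]+[}]shell,cn=config(\n|$)/)
            next           # the database entry or one of its children
        gsub(/\nolcModuleLoad: ([{][0-9]+[}])?back_shell[^\n]*/, "")
        print
    }'
}

# Export, filter, reload. Assumes slapd is stopped and this runs as the
# account that owns CONFDIR; the old tree is kept for rollback.
rebuild_config() {
    work=$(mktemp -d) || return 1    # mode 0700: the export may hold olcRootPW
    slapcat -n 0 -F "$CONFDIR" -l "$work/config.ldif" || return 1
    strip_back_shell < "$work/config.ldif" > "$work/new.ldif" || return 1
    mv "$CONFDIR" "$CONFDIR.bak" || return 1
    mkdir -m 0750 "$CONFDIR" || return 1
    slapadd -n 0 -F "$CONFDIR" -l "$work/new.ldif"
}

# Constructed sample of a slapcat -n 0 export, trimmed to three entries.
sample_ldif() {
    cat <<'EOF'
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModuleLoad: {0}back_mdb
olcModuleLoad: {1}back_shell

dn: olcDatabase={1}mdb,cn=config
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcSuffix: dc=example,dc=com

dn: olcDatabase={2}shell,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {2}shell
olcSuffix: dc=legacy,dc=example,dc=com
EOF
}
```

Diff the filtered LDIF against the export and check the remaining `{N}` ordering prefixes before calling `rebuild_config`.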