
Re: I can't delete a shell DB



--On Thursday, April 18, 2013 4:58 PM +0200 Michael Ströder <michael@stroeder.com> wrote:

> Quanah Gibson-Mount wrote:
>> --On Thursday, April 18, 2013 7:18 AM -0300 Diego Woitasen
>> <diego@woitasen.com.ar> wrote:
>>
>>> I know that I could remove it from the filesystem, but I wouldn't.
>>
>> You can use slapcat -n 0 to export your cn=config database to LDIF.
>> Modify the LDIF for cn=config to no longer reference back-shell, and
>> then reload your cn=config DB using slapadd -n 0.
>
> IIRC the official OpenLDAP developer statement about this approach was up
> to now: Don't do that!

No, using slapcat/slapadd has been the only supported method. The "Don't Do That" is manually editing the files under cn=config.


>> Personally I'd like to see some sort of offline mode for slapd that
>> allows you to purely edit cn=config over ldapi:/// where slapd only
>> accepts connections from the rootdn, and will only respond to queries
>> against the cn=config DIT.
>
> Well, the ldapi:/// thing already works.
> Only for default builds deleting something from cn=config does not work
> at all.

Incorrect. By default ldapi:/// would allow any client connecting over ldapi:/// to query any part of the DIT. And I have a number of such clients. Please re-read my description.

--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration
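
The slapcat/slapadd route described in the message above, as an added example that is not part of the original thread: a filter that drops one database entry and everything below it from a cn=config LDIF export. The function names, the DN `olcDatabase={2}shell,cn=config`, the file paths in the comments and the sample LDIF are assumptions constructed for illustration; the filter does not renumber the `{N}` indices of the remaining databases or touch module-load attributes, so review the result before loading it.

```shell
#!/bin/sh
# Intended use (file and directory names are placeholders), with slapd stopped:
#   slapcat -n 0 -l config.ldif
#   strip_config_entry 'olcDatabase={2}shell,cn=config' < config.ldif > new.ldif
#   slapadd -n 0 -F /path/to/empty/slapd.d -l new.ldif

# $1 = DN to remove; LDIF on stdin, filtered LDIF on stdout.
# Entries with a base64 DN ("dn::") are passed through unchanged.
strip_config_entry() {
    awk -v target="$1" '
        BEGIN { RS = ""; ORS = "\n\n"; target = tolower(target) }
        {
            rec = $0
            gsub(/\n /, "", rec)              # unfold LDIF continuation lines
            n = split(rec, lines, "\n"); dn = ""
            for (i = 1; i <= n; i++)
                if (tolower(substr(lines[i], 1, 3)) == "dn:") { dn = lines[i]; break }
            sub(/^[Dd][Nn]:[ ]*/, "", dn)
            dn = tolower(dn)
            tl = length(target); dl = length(dn)
            if (dn == target) next            # the database entry itself
            if (dl > tl && substr(dn, dl - tl) == "," target) next   # its children
            print                             # keep the record as exported
        }'
}

# Constructed sample export; the last DN is folded the way slapcat wraps lines.
sample_config_ldif() {
    cat <<'EOF'
dn: cn=config
objectClass: olcGlobal
cn: config

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config

dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {1}mdb

dn: olcDatabase={2}shell,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {2}shell

dn: olcOverlay={0}syncprov,olcDatabase={2}shell,
 cn=config
objectClass: olcOverlayConfig
olcOverlay: {0}syncprov
EOF
}
```

Diffing the original export against the filtered file before running slapadd shows exactly which entries were dropped.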