[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7786) Impossible to modify cn=config if olcDbDirectory doesn't exist

Howard Chu wrote:
> pierangelo.masarati@polimi.it wrote:
>> On 01/15/2014 09:59 AM, raphael.ouazana@linagora.com wrote:
>>> Full_Name: Raphael Ouazana
>>> Version: 2.4.38
>>> OS: Linux
>>> URL: ftp://ftp.openldap.org/incoming/
>>> Submission from: (NULL) (
>>> Hi,
>>> I have an old configuration that I would like to export/reimport. The
>>> olcDbDirectory item of this configuration contains a directory that does not
>>> longer exist.
>>> It it then impossible to modify the parameter:
>>> - I was told not to edit directly LDIF config files
>>> - if i try a slapcat -n0 I get:
>>> 52d64c91 olcDbDirectory: value #0: invalid path: No such file or directory
>>> 52d64c91 config error processing olcDatabase={2}hdb,cn=config: olcDbDirectory:
>>> value #0: invalid path: No such file or directory
>>> slapcat: bad configuration directory!
>>> I think slapcat should always allow to export a configuration.
>> I see the point; slapcat is failing because to export the configuration
>> (c->op == SLAP_CONFIG_EMIT) it needs to read the configuration first,
>> and it reads the whole config tree.
>> Perhaps when slapcat of only the config database is requested, config
>> parsing should skip other databases, or at least ignore errors, if possible.
> Agreed, we definitely need this.

But it's not clear that it's entirely feasible without major structural 
changes to back-config. In particular, later config items may depend on 
earlier ones succeeding (e.g., loading a module or reading a schema 
definition). So we can't simply no-op everything while running slapcat, nor 
can we safely ignore all errors, because we must still be able to parse all of 
the underlying config LDIF and some of it will be unparseable without 
appropriate schema being loaded.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/