Re: how to edit cn=config

Scott Classen wrote, on 07-11-2007 19:00:

I am using openldap 2.4.6 (recently migrated directly from 2.3.37). I am using this for a very small community of users. I will have maybe 50-60 users.

So am I on my FC6 test machine. On my "work" site I'm still using up-to-date 2.3.

I have recently converted from using slapd.conf to using the slapd.d backend ldap database for configuring my openldap server. I am, however, unclear on the proper method to make changes to my configuration. When using slapd.conf it was fairly straightforward: edit the file with vi and restart slapd.

If you're using a client machine running X, consider installing gq (1.0.0, all later are useless) on the ldap host and sshing with '-Y -C' to the host from the client (if they're both on the same machine this latter is obviously not necessary) and running gq.

For 2.4.6 this is a true revelation compared to 2.3.x; you can configure cn=config entries through gq's GUI, and browsing cn=config is a revelation. Editing is a cinch.

I've tried every other ldap GUI client there is available and gq is the only one worth using, for multiple reasons.



When using slapd.d should I directly edit the various LDIF files within the slapd.d/cn=config folder? This doesn't really seem like the proper way to do things so I haven't done this.

I'm fairly certain that I should make ldapmodify style LDIF files, but that can be a bit cumbersome for quick configuration changes. So I've started experimenting with various ldap GUI interfaces (phpldapadmin and JXplorer), thinking that they might display the entire cn=config database in a human-readable form, but neither returns information about cn=config. Indeed a simple ldapsearch doesn't return any information either.

ldapsearch -x -D "uid=bigcheese,dc=my,dc=domain" -W "cn=config"

I know that my slapd.d backend is working because I've renamed the slapd.conf file so it is no longer recognized by slapd.

Any help or advice would be greatly appreciated.


P.S. I've read both the version 2.3 and 2.4 Administrator's Guide several times.

-- Tony Earnshaw Email: tonni at hetnet dot nl
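
The ldapmodify route mentioned in the question, as an added example that is not part of the original thread. It assumes slapd is reachable at ldap://localhost and that the config database's rootdn is cn=config with a password set (olcRootPW); the function names are hypothetical helpers.

```shell
#!/bin/sh
# Added example, not from the original thread.
CONFIG_URI="ldap://localhost"   # assumed server URI
CONFIG_BINDDN="cn=config"       # assumed rootdn of the config database

# Emit a "changetype: modify" record that replaces one attribute.
# Refuses any DN outside cn=config so a typo cannot touch user data.
# Values are assumed to be plain ASCII (no base64 encoding is done).
config_replace_ldif() {
    dn=$1
    attr=$2
    value=$3
    case "$dn" in
        cn=config|*,cn=config) ;;
        *) echo "refusing DN outside cn=config: $dn" >&2; return 1 ;;
    esac
    printf 'dn: %s\nchangetype: modify\nreplace: %s\n%s: %s\n' \
        "$dn" "$attr" "$attr" "$value"
}

# Read the config tree. cn=config has to be passed as the search base
# with -b; a bare trailing argument is parsed as a search filter.
config_dump() {
    ldapsearch -x -H "$CONFIG_URI" -D "$CONFIG_BINDDN" -W -b cn=config
}

# Apply LDIF read from stdin. slapd rewrites the files under slapd.d
# itself and the change takes effect without a restart.
config_apply() {
    ldapmodify -x -H "$CONFIG_URI" -D "$CONFIG_BINDDN" -W
}

# Against a running server:
#   config_replace_ldif cn=config olcLogLevel stats | config_apply
# Offline, just show the LDIF that would be sent:
config_replace_ldif cn=config olcLogLevel stats
```

Only an identity that the config database authorises can read or write cn=config, so an ordinary user bind sees nothing there even with the correct search base.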