[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP browsers and cn=config

To: Howard Chu <hyc@symas.com>
Subject: Re: LDAP browsers and cn=config
From: Gervase Markham <gerv@mozilla.org>
Date: Tue, 08 Mar 2011 09:51:01 +0000
Cc: "Torsten Schlabach \(Tascel eG\)" <tschlabach@tascel.net>, openldap-technical@openldap.org
In-reply-to: <4D754F17.6050405@symas.com>
References: <4D75155B.6020901@mozilla.org> <a77c66e186561f841e2a6e9a71044222@imap.tascel.net> <4D751AA8.9070006@mozilla.org> <4D751C01.9000608@mozilla.org> <4D754F17.6050405@symas.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7

On 07/03/11 21:33, Howard Chu wrote:

Gervase Markham wrote:

On 07/03/11 17:49, Gervase Markham wrote:

oldRootDN: cn=admin,cn=config

----^

And that would be the problem :-|

Thank you for your help.<shuffles feet in an embarrassed fashion>


cn=config is an LDAP database, it is not a collection of files for you
to edit by hand.

Although presumably if you manage to mess up your configuration enough,that's what you have to do. I've seen "you can edit the files by hand ifit all goes wrong" used as an argument for using the LDIF backend forcn=config in the archives of this very mailing list, if I'm not mistaken.

You are supposed to use ldapmodify on it, for reasons
of this very nature. I.e., ldapmodify gets syntax-checked and stupid
typos of this sort get caught.

But being able to edit the database is precisely the problem I had! It'srather chicken and egg.

If you had used "ldapmodify -H ldapi:/// -Y EXTERNAL" to add the desired
attributes you wouldn't have these silly problems.

Yes, of course - because Real Men use commands with a minimum of 4command-line flags to do any operation, and if I'm not up to that, Ican't possibly be worthy to use OpenLDAP.

If your LDAP browsers don't support ldapi:/// that's their deficiency...

I don't even know what the "i" in ldapi is, or how it's different fromldap://. And this search of the OpenLDAP documentation is sadlyunenlightening:


http://www.google.co.uk/search?hl=en&q=ldapi%20site%3Aopenldap.org/doc

Can you tell me which LDAP browsers do support this scheme? After all,the other part of my message was asking for advice on which was best.



There are two ways you, the development team, can think about OpenLDAP:

A) "You have to prove your worthiness to use this software by having awide knowledge of Unix history, unwritten conventions, cryptic man-pagesand a perfect recall of command-line options. Searchable documentationon the web - pah!"

http://farm1.static.flickr.com/87/240803829_9212773615_o.png

B) "We want to lower barriers to entry and make it easier to use."

If the answer is B), then instead of telling me that I'm an idiot, youmight wish to reflect on what lessons can be learnt from my experienceto help other people in the future.

I must say that my experience with the OpenLDAP community thusfar hasnot thrilled me with joy at the prospect of using the software for myproject. I speak as someone whose day job is nurturing, growing andencouraging open source communities.


Gerv

Follow-Ups:
- Re: LDAP browsers and cn=config
  - From: Howard Chu <hyc@symas.com>
- Re: LDAP browsers and cn=config
  - From: Dieter Kluenter <dieter@dkluenter.de>
- Re: LDAP browsers and cn=config
  - From: Howard Chu <hyc@symas.com>
- Re: LDAP browsers and cn=config
  - From: Buchan Milne <bgmilne@staff.telkomsa.net>

References:
- LDAP browsers and cn=config
  - From: Gervase Markham <gerv@mozilla.org>
- Re: LDAP browsers and cn=config
  - From: Gervase Markham <gerv@mozilla.org>
- Re: LDAP browsers and cn=config
  - From: Gervase Markham <gerv@mozilla.org>
- Re: LDAP browsers and cn=config
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: LDAP single sign on with samba
Next by Date: Re: LDAP single sign on with samba
Index(es):
- Chronological
- Thread