[Date Prev][Date Next]
Re: LDAP browsers and cn=config
----- "Gervase Markham" <firstname.lastname@example.org> wrote:
> On 07/03/11 21:33, Howard Chu wrote:
> > Gervase Markham wrote:
> >> On 07/03/11 17:49, Gervase Markham wrote:
> >>> oldRootDN: cn=admin,cn=config
> >> ----^
> >> And that would be the problem :-|
> >> Thank you for your help.<shuffles feet in an embarrassed fashion>
> > cn=config is an LDAP database, it is not a collection of files for
> > to edit by hand.
> Although presumably if you manage to mess up your configuration
> that's what you have to do.
But, how did you mess it up so bad in the first place?
I've seen "you can edit the files by hand
> it all goes wrong" used as an argument for using the LDIF backend for
> cn=config in the archives of this very mailing list, if I'm not
> > You are supposed to use ldapmodify on it, for reasons
> > of this very nature. I.e., ldapmodify gets syntax-checked and
> > typos of this sort get caught.
> But being able to edit the database is precisely the problem I had!
> rather chicken and egg.
> > If you had used "ldapmodify -H ldapi:/// -Y EXTERNAL" to add the
> > attributes you wouldn't have these silly problems.
> Yes, of course - because Real Men use commands with a minimum of 4
> command-line flags to do any operation, and if I'm not up to that, I
> can't possibly be worthy to use OpenLDAP.
echo -e "URI ldapi:///\nSASL_MECH EXTERNAL" >> ~/.ldaprc
Then you won't have to use 4 commandline flags in future.
> > If your LDAP browsers don't support ldapi:/// that's their
> I don't even know what the "i" in ldapi is, or how it's different from
> ldap://. And this search of the OpenLDAP documentation is sadly
> Can you tell me which LDAP browsers do support this scheme? After all,
> the other part of my message was asking for advice on which was best.
> There are two ways you, the development team, can think about
Which development team shipped your config, and set you up with config editing using ldapi, but didn't think it was a good idea to populate root's .ldaprc ?
Probably not the OpenLDAP team.