Jose Ildefonso Camargo Tolosa wrote:
On Wed, Apr 20, 2011 at 2:53 PM, Howard Chu<hyc@symas.com> wrote:The tree of files is not meant for you to ever look at or modify directly. Just use slapcat or ldapsearch. If you know anything about LDAP at all this is MUCH easier than editing flat text files, since you can use any LDAP tool (commandline or GUI) to do all the administration.I don't find complex to directly modify the files, actually, I find it easier than having to write a ldif modification script every time I need to apply a change! I just go ahead and edit the corresponding ldif file on slapd.d
You are editing the backing store of a slapd internal database. If slapd is running while you're doing this, you will probably corrupt the database. Even if slapd is not running, you'll probably corrupt the database.
http://www.openldap.org/doc/admin24/slapdconf2.html#Configuration%20Layout If you don't read the documentation you have only yourself to blame for being confused.Yeah, that page is incomplete when compared to: http://www.openldap.org/doc/admin24/slapdconfig.html The cn=config directives is missing the access control part, that you can get: http://www.openldap.org/doc/admin24/access-control.html#Access%20Control%20via%20Dynamic%20Configuration Not a big deal, but it took me a while to realize that the documentation was no longer on the same place as for slapd.conf
Ah yes, the access control example was moved. That move was a bad idea and was supposed to be reverted. Apparently our doc editor is still busy with other things and hasn't gotten to cleaning this up yet.
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/