[Date Prev][Date Next] [Chronological] [Thread] [Top]

Removing cn=config elements (Not at runtime)

To: openldap-technical@openldap.org
Subject: Removing cn=config elements (Not at runtime)
From: Jeffrey Crawford <jeffreyc@ucsc.edu>
Date: Tue, 11 Oct 2011 12:18:18 -0700
User-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.1.9) Gecko/20100722 Lightning/1.0b1 Eudora/3.0.4

I have seen in the list archives that using ldapmodify to removecn=config elements while openldap is running is not supported.

However I do need to be able to disable overlays in certain casessometimes (Even if it's for testing). I tried shutting down the serverand then modifying the cn=config directory area, by renaming the .ldiffile to ldif.disable. That seems to work but I'm wondering if there areother caveats I should be considering when performing actions like that.

One thing I did notice is that it seems like the openldap server goesahead and re-numbers the overlays so there are no gaps. however thecn=config filesystem area did NOT renumber the files and the serverbehaved strangely when I tried to ldapmodify the "disabled" config backinto the running system. (I got a err=32 no such object using openldap2.4.26) Stopping the server again and then renaming the extension.disable to .ldif brought everything back to where it was. As a sidenote the ldif I used to create the overlay is the same I tried to use inthis last step.

If I disable using the above method and then renumber the files myselfbefore restarting the server I'm able to add the the config back inusing ldapmodify but it prompts the question what else should I beconsidering.


Thanks Jeffrey

Follow-Ups:
- Re: Removing cn=config elements (Not at runtime)
  - From: Ralf Haferkamp <rhafer@suse.de>

Prev by Date: Re: syncrepl tls_cert file not red ?
Next by Date: Partial and Fractional Replication Details
Index(es):
- Chronological
- Thread