[Date Prev][Date Next] [Chronological] [Thread] [Top]

Removing cn=config elements (Not at runtime)

I have seen in the list archives that using ldapmodify to remove cn=config elements while openldap is running is not supported.

However I do need to be able to disable overlays in certain cases sometimes (Even if it's for testing). I tried shutting down the server and then modifying the cn=config directory area, by renaming the .ldif file to ldif.disable. That seems to work but I'm wondering if there are other caveats I should be considering when performing actions like that.

One thing I did notice is that it seems like the openldap server goes ahead and re-numbers the overlays so there are no gaps. however the cn=config filesystem area did NOT renumber the files and the server behaved strangely when I tried to ldapmodify the "disabled" config back into the running system. (I got a err=32 no such object using openldap 2.4.26) Stopping the server again and then renaming the extension .disable to .ldif brought everything back to where it was. As a side note the ldif I used to create the overlay is the same I tried to use in this last step.

If I disable using the above method and then renumber the files myself before restarting the server I'm able to add the the config back in using ldapmodify but it prompts the question what else should I be considering.

Thanks Jeffrey