[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Securing cn=config and allowing micro-engineering

To: Nick Milas <nick@eurobjects.com>, Howard Chu <hyc@symas.com>
Subject: Re: Securing cn=config and allowing micro-engineering
From: Quanah Gibson-Mount <quanah@zimbra.com>
Date: Thu, 20 Oct 2011 11:03:02 -0700
Cc: openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <4EA0401A.6070006@eurobjects.com>
References: <4E9FF67C.5060306@eurobjects.com> <4EA0050A.1090005@symas.com> <4EA0401A.6070006@eurobjects.com>

--On Thursday, October 20, 2011 6:36 PM +0300 Nick Milas<nick@eurobjects.com> wrote:

Manually editing slapd.d files is the surest way of causing a problem
that prevents slapd from restarting.


OK, understood!

Obvious approach:
  slapcat -n0 -F old/slapd.d > config.ldif
  edit config.ldif
  slapadd -n0 -F new/slapd.d -l config.ldif
  test using new/slapd.d
  deploy...


OK, I see. Valuable info.

I would note that OpenLDAP 2.5 (when released) adds a "slapmodify" commandper my request. It allows you to do offline modifications of cn=config ina way similar to ldapmodify. This will also keep the CRC checksum intact.


--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Follow-Ups:
- Re: Securing cn=config and allowing micro-engineering
  - From: Nick Milas <nick@eurobjects.com>

References:
- Securing cn=config and allowing micro-engineering
  - From: Nick Milas <nick@eurobjects.com>
- Re: Securing cn=config and allowing micro-engineering
  - From: Howard Chu <hyc@symas.com>
- Re: Securing cn=config and allowing micro-engineering
  - From: Nick Milas <nick@eurobjects.com>

Prev by Date: Re: Google hits for OpenLDAP
Next by Date: Re: Google hits for OpenLDAP
Index(es):
- Chronological
- Thread