
Re: Modify cn=config



2012/11/27 Dan White <dwhite@olp.net>:
> On 11/27/12 10:55 -0500, Rob "Bubba" Hines wrote:
>>
>> It's been a while since I touched LDAP, so I'm new to the latest
>> configuration changes. Admittedly, I find it aggravating that I can't simply
>> shut down the LDAP server and modify the configuration, and start it back up.
>>
>> Regardless, my intern stuck the wrong paths in for the TLSCerts, ldap will
>> not start up now ... I need to modify cn=config with the correct paths, but
>> I can't figure out how to get slap* to do it. It hates my ldif, and I just
>> want a simple way to change those three paths. I assume that somewhere in
>> the arcane knowledge that is LDAP, there is a simple solution. But my Google
>> FU has failed me, tho it has served up numerous threads that talk around the
>> problem without providing a solution (or the solution provided was simply
>> 'use slapadd' with no direction on how to 'use slapadd').
>>
>> Here is the latest ldif I've attempted to use (to no avail) with slapadd:
>> dn: cn=config
>> objectClass: olcGlobal
>> cn: config
>> olcTLSCACertificateFile: /etc/ldap/tls/cacert.pem
>> olcTLSCertificateFile: /etc/ldap/tls/slapd.d/slapd_cert.pem
>> olcTLSCertificateKeyFile: /etc/ldap/tls/slapd.d/slapd_key.pem
>>
>> I assume I just don't know how to write a correct LDIF. But I would
>> appreciate any help in modifying cn=config with the server down.
>
>
> The following uses the slapcat/slapadd method to modify your config (in the
> case where slapd is not running).  Adjust your paths and permissions
> accordingly:
>
> cd /etc/ldap
> cp -a slapd.d/ /var/backups/slapd.d-pre-tls-change
> mv slapd.d slapd.d.old
> mkdir slapd.d
> chown openldap:openldap slapd.d
> chmod 755 slapd.d
> slapcat -n0 -F /etc/ldap/slapd.d.old/ > /tmp/config-in-portable-format.ldif
> <edit the ldif>
> slapadd -n0 -F /etc/ldap/slapd.d -l /tmp/config-in-portable-format.ldif

Hi,

I wrote a little OpenLDAP init script that provides 'backupconfig' and
'restoreconfig' actions. You can find it here:
http://ltb-project.org/wiki/documentation/openldap-initscript

It can also back up/restore the data.

Hope it helps,

Clément.
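
The `<edit the ldif>` step of the slapcat/slapadd procedure quoted above, as an added example that is not part of the original thread: a filter that rewrites the three olcTLS* values in the `dn: cn=config` entry of a `slapcat -n0` export, including values that slapcat folded onto a continuation line. The names `fix_tls_paths` and `sample_ldif` are hypothetical, the sample LDIF is constructed, and the replacement paths are the ones from the original post.

```shell
#!/bin/sh
# fix_tls_paths CA CERT KEY : reads a slapcat -n0 export on stdin, writes the
# corrected LDIF on stdout. Only existing attributes are replaced, not added.
fix_tls_paths() {
    awk -v ca="$1" -v cert="$2" -v key="$3" '
        BEGIN {
            new["olctlscacertificatefile"]  = ca
            new["olctlscertificatefile"]    = cert
            new["olctlscertificatekeyfile"] = key
        }
        # A blank line ends the current entry.
        /^$/ { in_cfg = 0; skip = 0; print; next }
        # Drop folded continuation lines of a value that was just replaced.
        skip && /^ / { next }
        { skip = 0 }
        # Only the global cn=config entry is edited.
        /^dn: / { in_cfg = (tolower($0) == "dn: cn=config") }
        in_cfg {
            attr = $0; sub(/:.*/, "", attr)   # attribute name before the colon
            if (tolower(attr) in new) {
                print attr ": " new[tolower(attr)]
                skip = 1
                next
            }
        }
        { print }
    '
}

# Constructed sample export; the second wrong path is folded the way
# slapcat wraps long lines (continuation line starts with one space).
sample_ldif() {
cat <<'EOF'
dn: cn=config
objectClass: olcGlobal
cn: config
olcTLSCACertificateFile: /etc/ldap/wrong/cacert.pem
olcTLSCertificateFile: /etc/ldap/some/very/long/wrong/directory/name/that/wra
 ps/slapd_cert.pem
olcTLSCertificateKeyFile: /etc/ldap/wrong/slapd_key.pem

dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
EOF
}

sample_ldif | fix_tls_paths /etc/ldap/tls/cacert.pem \
    /etc/ldap/tls/slapd.d/slapd_cert.pem /etc/ldap/tls/slapd.d/slapd_key.pem
```

In the quoted procedure the filter would sit between the slapcat and slapadd commands, reading the exported file and writing the one passed to `slapadd -l`. When slapadd is run as root, the files it creates under slapd.d are owned by root, so ownership has to be set back to the account slapd runs as before starting the server.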