Re: Concerns with OLC (cn=config) for editing schema, ACLs, and deleting entries

["David N. Blank-Edelman" <dnb@ccs.neu.edu>]

On Mar 19, 2012, at 8:32 PM, Chris Hiestand wrote:

> I don't think writing a custom ldap client is "simple". Or, as David Blank-Edelman requests, perhaps you have some example code showing how simple it is? I have written ldap scripts in perl, python, and php - so I'm not asking as a newbie.

So, I should be clear, I'm not trying to get in the middle of your discussion about user interfaces and etc.l with Quanah or express any opinion about it. 

I would just love to see some good sample code for OpenLDAP server administration published because I think it would be very helpful to everyone, newbies and people like you and me who have scripted LDAP. I think there are a number of reasons why scripting this stuff can be a bit daunting, especially when it comes to server-specific administration. The Net::LDAP code Quanah references is probably quite simple in form, it is just the details that can be tricky to get right.

To your original point: once those details are clear, I suspect it would be relatively straightforward to write a slapacl command/script that parsed the ACL .conf file format and then used Net::LDAP to twiddle cn=config on a specified server accordingly.

        -- dNb