I'd like a simple way to manipulate an off-line database while slapd is running, e.g. to slapadd it from scratch and activate it when done.
Here is one suggestion:
Make olcHidden a dynamic attribute computed from an attribute olcLabel="some text" + a startup option -L "label to activate,...". Updates to olcHidden could fail or update olcLabel for backwards compatibility, depending on configuration.
Then to rebuild database X off-line, maybe with a different config: - Copy ldapadd X's config to a new database Y, except set olcLabel = "offline" and olcDbDirectory = "<new dir>". - Set olcReadOnly=TRUE in X's config, so we won't lose any changes. - Slapcat <X> | slapadd -L offline - Set X's olcDbDirectory="<new dir>" and olcReadOnly=FALSE, to pick up the changes and resume normal operation.
This doesn't cover all cases of reconfiguring a database, e.g. we can't modify a global option like olcIndexIntLen this way. But it's a start.
Also instead of pointing X's olcDbDirectory at Y's directory, one might want to atomically hide database X and un-hide Y, by removing Y's label and then labelling X. That works if one can have two active databases with the same suffix where the former hides the latter. (Maybe the hidden database would be treated as if it had olcHidden.)
Slapd does not currently accept that at startup, but does if one starts with olcHidden=TRUE in the first database and then removes olcHidden. That should probably be cleaned up anyway. The olcHidden machinery has some bugs, I'll ITS them after exploring abit.