hi,
I use the latest version of OpenLDAP (2.3.30, compiled by hand) and I am trying to implement a "slapd.d" configuration.
First I made my slapd.conf file, and after that I started the LDAP server with the "slapd -f slapd.conf -F slapd.d" command.
After that, in the slapd.d directory I have a cn=config.ldif file and a directory cn=config .... In this directory I have olcDatabase={2}bdb.ldif for my LDAP base.
On the second start of the LDAP server I used this command: "/path/to/slapd -F /path/to/slapd.d". If I modify some access rules in this file, I must restart slapd to see that the new access rules are used ....
How can I make this access rule be used on the fly? (From the administrator's guide: The LDAP configuration engine allows all of slapd's configuration options to be changed on the fly, generally without requiring a server restart for the changes to take effect.)
thanks
cosmih wrote:
[...]
How can I make this access rule be used on the fly? (From the administrator's guide: The LDAP configuration engine allows all of slapd's configuration options to be changed on the fly, generally without requiring a server restart for the changes to take effect.)
s/all/one or two/
I'd guess that the passage you quote (and it _is_ correct) was written for a future version of OpenLDAP. For us, simply being able to change olcLogLevel on the fly with gq's 'point 'n click' has been one huge godsend.
--Tonni
Tony Earnshaw wrote:
cosmih wrote:
[...]
How can I make this access rule be used on the fly? (From the administrator's guide: The LDAP configuration engine allows all of slapd's configuration options to be changed on the fly, generally without requiring a server restart for the changes to take effect.)
s/all/one or two/
I'd guess that the passage you quote (and it _is_ correct) was written for a future version of OpenLDAP. For us, simply being able to change olcLogLevel on the fly with gq's 'point 'n click' has been one huge godsend.
Where are you getting this "one or two" stuff? Everything can be set dynamically. All means all.
The original poster obviously missed the point that the *LDAP* configuration engine is driven by *LDAP*. I.e., changes are accomplished using ldapmodify, not by editing any files.
Howard Chu wrote:
[...]
I'd guess that the passage you quote (and it _is_ correct) was written for a future version of OpenLDAP. For us, simply being able to change olcLogLevel on the fly with gq's 'point 'n click' has been one huge godsend.
Where are you getting this "one or two" stuff? Everything can be set dynamically. All means all.
Ok, it can all be changed. For cn=config I often use GQ, since that's a handy tool, to change olcLogLevel on running servers. But changing the order of olcAccess, for example, isn't easily accomplished (this has been discussed before) and all on the fly changes are lost the next time the daemon is restarted (assuming a valid slapd.conf and other included conf files). I should have written that it's not a practical solution at the moment.
The original poster obviously missed the point that the *LDAP* configuration engine is driven by *LDAP*. I.e., changes are accomplished using ldapmodify, not by editing any files.
Possibly, he didn't make that clear.
--Tonni
Tony Earnshaw wrote:
Howard Chu wrote:
[...]
I'd guess that the passage you quote (and it _is_ correct) was written for a future version of OpenLDAP. For us, simply being able to change olcLogLevel on the fly with gq's 'point 'n click' has been one huge godsend.
Where are you getting this "one or two" stuff? Everything can be set dynamically. All means all.
Ok, it can all be changed. For cn=config I often use GQ, since that's a handy tool, to change olcLogLevel on running servers. But changing the order of olcAccess, for example, isn't easily accomplished (this has been discussed before) and all on the fly changes are lost the next time the daemon is restarted (assuming a valid slapd.conf and other included conf files).
No changes should be lost if you started and restarted slapd with -F slapd.d/.
If you started with a slapd.conf, changes only work until the next restart, where slapd reads only from slapd.conf and ignores the slapd.d directory.
I should have written that it's not a practical solution at the moment.
The original poster obviously missed the point that the *LDAP* configuration engine is driven by *LDAP*. I.e., changes are accomplished using ldapmodify, not by editing any files.
Possibly, he didn't make that clear.
--Tonni
-- Tonni Earnshaw tonni @ barlaeus.nl
Tony,
Updates to your configuration made by LDAP updates CAN be persistent. If you start slapd with the -F option, slapd will create a configuration directory, converting your current slapd.conf into a permanent directory in slapd.d. If you continue to use the -F option on restart, any configuration changes from prior sessions will still be in force.
I agree that reordering olcAccess isn't easy. I keep an ldapmodify LDIF file with just a changetype replace for that one attribute. Don't put the sequence numbers and curly braces into the LDIF; OpenLDAP will assign those sequence numbers itself. Replacing all the values like this will get them in the order you want. If you have a lot of ACLs, you may want to dump them with ldapsearch first and convert the LDIF output for the replace operation.
Tony Earnshaw wrote:
Howard Chu wrote:
[...]
I'd guess that the passage you quote (and it _is_ correct) was written for a future version of OpenLDAP. For us, simply being able to change olcLogLevel on the fly with gq's 'point 'n click' has been one huge godsend.
Where are you getting this "one or two" stuff? Everything can be set dynamically. All means all.
Ok, it can all be changed. For cn=config I often use GQ, since that's a handy tool, to change olcLogLevel on running servers. But changing the order of olcAccess, for example, isn't easily accomplished (this has been discussed before) and all on the fly changes are lost the next time the daemon is restarted (assuming a valid slapd.conf and other included conf files). I should have written that it's not a practical solution at the moment.
The original poster obviously missed the point that the *LDAP* configuration engine is driven by *LDAP*. I.e., changes are accomplished using ldapmodify, not by editing any files.
Possibly, he didn't make that clear.
--Tonni
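Added example, not part of the thread and not OpenLDAP project code: the dump-and-replace workflow described in the reply above, written in Python. The DN comes from the original poster's olcDatabase={2}bdb.ldif; the ACL rules, the sample ldapsearch output and all function names are constructed for illustration.

```python
import base64
import re

# Constructed sample of `ldapsearch -LLL -b 'olcDatabase={2}bdb,cn=config' -s base olcAccess`
# output (bind options omitted): one base64 value, one folded line.
SAMPLE = (
    "dn: olcDatabase={2}bdb,cn=config\n"
    "olcAccess:: " + base64.b64encode(b"{0}to * by * read").decode() + "\n"
    "olcAccess: {1}to attrs=userPassword by self write by anonymous auth by * n\n"
    " one\n"
)

def read_olc_access(ldif):
    """Return olcAccess values in index order with the {n} prefix removed."""
    unfolded = re.sub(r"\r?\n ", "", ldif)   # a leading space continues a line
    rules = []
    for line in unfolded.splitlines():
        m = re.match(r"olcAccess(::?)\s*(.*)$", line, re.IGNORECASE)
        if not m:
            continue
        value = m.group(2)
        if m.group(1) == "::":               # "::" marks a base64 value
            value = base64.b64decode(value).decode("utf-8")
        idx = re.match(r"\{(\d+)\}", value)
        if not idx:
            raise ValueError(f"olcAccess value without index: {value!r}")
        rules.append((int(idx.group(1)), value[idx.end():]))
    return [v for _, v in sorted(rules)]

def ldif_value(attr, value):
    """Format one attribute line; base64 anything LDIF cannot carry raw."""
    safe = re.fullmatch(r"[\x21-\x39\x3b\x3d-\x7e][\x01-\x09\x0b\x0c\x0e-\x7f]*", value)
    if safe and not value.endswith(" "):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def catch_all_last(rules):
    """Stable reorder: slapd stops at the first matching rule, so 'to *' goes last."""
    return sorted(rules, key=lambda r: r.startswith("to * "))

def replace_ldif(dn, rules):
    """Build ldapmodify input replacing every olcAccess value in one operation."""
    lines = [f"dn: {dn}", "changetype: modify", "replace: olcAccess"]
    lines += [ldif_value("olcAccess", r) for r in rules]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Feed the output to ldapmodify, bound as the cn=config rootdn.
    print(replace_ldif("olcDatabase={2}bdb,cn=config",
                       catch_all_last(read_olc_access(SAMPLE))), end="")
```

In the constructed sample the catch-all rule sits at index 0 and shadows the userPassword rule; the generated replace puts the specific rule first and lets slapd renumber the values.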
thanks for all
It was my mistake ... I was trying to change access rules in the LDIF file and not with ldapmodify.
thanks again
On 12/4/06, Howard Chu hyc@symas.com wrote:
Tony Earnshaw wrote:
cosmih wrote:
[...]
How can I make this access rule be used on the fly? (From the administrator's guide: The LDAP configuration engine allows all of slapd's configuration options to be changed on the fly, generally without requiring a server restart for the changes to take effect.)
s/all/one or two/
I'd guess that the passage you quote (and it _is_ correct) was written for a future version of OpenLDAP. For us, simply being able to change olcLogLevel on the fly with gq's 'point 'n click' has been one huge godsend.
Where are you getting this "one or two" stuff? Everything can be set dynamically. All means all.
The original poster obviously missed the point that the *LDAP* configuration engine is driven by *LDAP*. I.e., changes are accomplished using ldapmodify, not by editing any files.
--
Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
On Monday 04 December 2006 17:12, cosmih wrote:
hi,
I use the latest version of OpenLDAP (2.3.30, compiled by hand) and I am trying to implement a "slapd.d" configuration.
First I made my slapd.conf file, and after that I started the LDAP server with the "slapd -f slapd.conf -F slapd.d" command.
After that, in the slapd.d directory I have a cn=config.ldif file and a directory cn=config .... In this directory I have olcDatabase={2}bdb.ldif for my LDAP base.
On the second start of the LDAP server I used this command: "/path/to/slapd -F /path/to/slapd.d". If I modify some access rules in this file
Don't modify the files here manually.
I must restart slapd to see that the new access rules are used ....
How can I make this access rule be used on the fly? (From the administrator's guide: The LDAP configuration engine allows all of slapd's configuration options to be changed on the fly, generally without requiring a server restart for the changes to take effect.)
You write to the cn=config suffix.
openldap-software@openldap.org