I loaded up 2.4.6 for my small home network use. It and the apps (phpldapadmin, tikiwiki, Webcalendar) that use it are running fine. Sweet!
Now I want to convert to cn=config. I ran:
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d to build the config, then ran:
slapadd -d -1 -F /etc/openldap/slapd.d -n 0 -l cn=config.ldif to import it
I get this error: : config_add_internal: DN="cn=config" already exists slapadd: could not add entry dn="cn=config" (line=1): slapadd shutdown: initiated
I tried -c to ignore errors, but this must be serious.
Not much when I ask Google, but I saw a post from Howard months back that suggested there was a bug surrounding this process and that it was fixed in the 2.3.x HEAD.
Other than that - no other help.
Is there a way to force overwrite?
Anyone? Thanks
\Greg
Greg Martin wrote:
I loaded up 2.4.6 for my small home network use. It and the apps (phpldapadmin, tikiwiki, Webcalendar) that use it are running fine. Sweet!
Now I want to convert to cn=config. I ran:
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.dto build the config, then ran:
slapadd -d -1 -F /etc/openldap/slapd.d -n 0 -l cn=config.ldifto import it
I get this error: : config_add_internal: DN="cn=config" already exists slapadd: could not add entry dn="cn=config" (line=1): slapadd shutdown: initiated
I tried -c to ignore errors, but this must be serious.
Not much when I ask Google, but I saw a post from Howard months back that suggested there was a bug surrounding this process and that it was fixed in the 2.3.x HEAD.
Seems to me that anything you found is completely unrelated to this.
Other than that - no other help.
Is there a way to force overwrite?
Overwrite? Why would you want to overwrite what you just created? Once you've converted the config it's ready to run, you don't slapadd it again. You're trying to slapadd the database onto itself, which obviously makes it complain... There's no import needed.
Howard Chu wrote:
Greg Martin wrote:
Now I want to convert to cn=config. I ran:
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.dto build the config, then ran:
slapadd -d -1 -F /etc/openldap/slapd.d -n 0 -l cn=config.ldifto import it
I get this error: : config_add_internal: DN="cn=config" already exists slapadd: could not add entry dn="cn=config" (line=1): slapadd shutdown: initiated
I tried -c to ignore errors, but this must be serious.
Not much when I ask Google, but I saw a post from Howard months back that suggested there was a bug surrounding this process and that it was fixed in the 2.3.x HEAD.
Seems to me that anything you found is completely unrelated to this.
I didn't think it was, but wanted you to know I had looked for an answer before posting.
Other than that - no other help.
Is there a way to force overwrite?
Overwrite? Why would you want to overwrite what you just created?
I don't, but I do want to understand what's happening. The slapd-config manpage and the admin guide tell me what to do but not why, so I'm trying to figure that out.
Once you've converted the config it's ready to run, you don't slapadd it again. You're trying to slapadd the database onto itself, which obviously makes it complain... There's no import needed.
I read this in man slapd-config: "Assuming the above data was saved in a file named "config.ldif" and the /etc/openldap/slapd.d directory has been created, this command will initialize the configuration: slapadd -F /etc/openldap/slapd.d -n 0 -l config.ldif" and:
"Alternatively, an existing slapd.conf file can be converted to the new format using slapd or any of the slap tools: slaptest -f /etc/openldap/slapd.conf -F ETCDIR/slapd.d"
From reading that it looks as if this is a two-step process. 1) to convert slapd.conf to ./slapd.d, and the second to "initialize" it. Since slapadd is used to add things to the database, I figured it was being imported into the database. Is the slappadd not necessary?
\Greg
Greg Martin wrote:
I read this in man slapd-config: "Assuming the above data was saved in a file named "config.ldif" and the /etc/openldap/slapd.d directory has been created, this command will initialize the configuration: slapadd -F /etc/openldap/slapd.d -n 0 -l config.ldif" and:
"Alternatively, an existing slapd.conf file can be converted to the new format using slapd or any of the slap tools: slaptest -f /etc/openldap/slapd.conf -F ETCDIR/slapd.d"
From reading that it looks as if this is a two-step process.
That is not what the word "Alternatively" means.
- to
convert slapd.conf to ./slapd.d, and the second to "initialize" it. Since slapadd is used to add things to the database, I figured it was being imported into the database. Is the slappadd not necessary?
If you have a plain LDIF file produced by slapcat'ing a database, you can slapadd it to use it.
A slapd.d directory tree produced by converting a slapd.conf file is not a flat LDIF file, it's a tree of related files. It is in fact an LDAP database that uses a hierarchical filesystem as its underlying data store. Since it is an actual LDAP database, slapd reads it directly.
Howard Chu wrote:
Greg Martin wrote:
- to
convert slapd.conf to ./slapd.d, and the second to "initialize" it. Since slapadd is used to add things to the database, I figured it was being imported into the database. Is the slappadd not necessary?
If you have a plain LDIF file produced by slapcat'ing a database, you can slapadd it to use it.
A slapd.d directory tree produced by converting a slapd.conf file is not a flat LDIF file, it's a tree of related files. It is in fact an LDAP database that uses a hierarchical filesystem as its underlying data store. Since it is an actual LDAP database, slapd reads it directly.
OK, I think I get that. Can you help me understand what the manpage is trying to tell me to do with this:
"Assuming the above data was saved in a file named "config.ldif" and the /etc/openldap/slapd.d directory has been created, this command will initialize the configuration: slapadd -F /etc/openldap/slapd.d -n 0 -l config.ldif"
After I ran slaptest to convert my slapd.conf to ./slapd.d, these instructions indicate to me there is more to do. What am I missing?
No, wait. Now I see. If I build the config.ldif from scratch, then I would run slapadd to construct the LDAP database. But since I used slaptest to convert my existing slapd, that construction was done as part of the conversion.
Perhaps the man page could be clarified a bit. The explanation of the conversion process is part of the EXAMPLES section. Maybe a SLAPD.CONF CONVERSION section could be added that says something like: SLAPD.CONF CONVERSION Conversion from slapd.conf to the slapd.d config directory can be accomplished using slaptest or any of the slap tools: slaptest -f /etc/openldap/slapd.conf -F ETCDIR/slapd.d This command will construct the config.ldif and construct the LDAP configuration database. Once completed, change the slapd startup command to reference the directory by using the -F ETCDIR/slapd.d in lieu of -f ETCDIR/slapd.d
YMMV
\Greg
Greg Martin wrote:
Howard Chu wrote:
Greg Martin wrote:
- to
convert slapd.conf to ./slapd.d, and the second to "initialize" it. Since slapadd is used to add things to the database, I figured it was being imported into the database. Is the slappadd not necessary?
If you have a plain LDIF file produced by slapcat'ing a database, you can slapadd it to use it.
A slapd.d directory tree produced by converting a slapd.conf file is not a flat LDIF file, it's a tree of related files. It is in fact an LDAP database that uses a hierarchical filesystem as its underlying data store. Since it is an actual LDAP database, slapd reads it directly.
OK, I think I get that. Can you help me understand what the manpage is trying to tell me to do with this:
"Assuming the above data was saved in a file named "config.ldif" and the /etc/openldap/slapd.d directory has been created, this command will initialize the configuration: slapadd -F /etc/openldap/slapd.d -n 0 -l config.ldif"
After I ran slaptest to convert my slapd.conf to ./slapd.d, these instructions indicate to me there is more to do. What am I missing?
No, wait. Now I see. If I build the config.ldif from scratch, then I would run slapadd to construct the LDAP database. But since I used slaptest to convert my existing slapd, that construction was done as part of the conversion.
Yes, that's pretty much correct. You converted your *slapd configuration* from the old slapd.conf format to the new slapd.d format. In either the old or the new format, slapd just reads what you have, there's no extra "load" step needed.
Converting to an intermediate format (plain LDIF) that then requires manual loading would just be a waste of time, and one thing I utterly detest is software that wastes my time.
Perhaps the man page could be clarified a bit. The explanation of the conversion process is part of the EXAMPLES section. Maybe a SLAPD.CONF CONVERSION section could be added that says something like: SLAPD.CONF CONVERSION Conversion from slapd.conf to the slapd.d config directory can be accomplished using slaptest or any of the slap tools: slaptest -f /etc/openldap/slapd.conf -F ETCDIR/slapd.d This command will construct the config.ldif and construct the LDAP configuration database.
You're still not seeing it. We don't "construct the config.ldif." We only convert the old config file format to the new config directory format. *You* might write a "config.ldif" file by hand, if you're bootstrapping a configuration from scratch, but that's entirely different. There is no "config.ldif" unless you created that yourself, and that has nothing to do with slapd's config directory.
Once completed, change the slapd startup command to reference the directory by using the -F ETCDIR/slapd.d in lieu of -f ETCDIR/slapd.d
Howard Chu wrote:
No, wait. Now I see. If I build the config.ldif from scratch, then I would run slapadd to construct the LDAP database. But since I used slaptest to convert my existing slapd, that construction was done as part of the conversion.
Yes, that's pretty much correct. You converted your *slapd configuration* from the old slapd.conf format to the new slapd.d format. In either the old or the new format, slapd just reads what you have, there's no extra "load" step needed.
Converting to an intermediate format (plain LDIF) that then requires manual loading would just be a waste of time, and one thing I utterly detest is software that wastes my time.
Perhaps the man page could be clarified a bit. The explanation of the conversion process is part of the EXAMPLES section. Maybe a SLAPD.CONF CONVERSION section could be added that says something like: SLAPD.CONF CONVERSION Conversion from slapd.conf to the slapd.d config directory can be accomplished using slaptest or any of the slap tools: slaptest -f /etc/openldap/slapd.conf -F ETCDIR/slapd.d This command will construct the config.ldif and construct the LDAP configuration database.
You're still not seeing it. We don't "construct the config.ldif." We only convert the old config file format to the new config directory format. *You* might write a "config.ldif" file by hand, if you're bootstrapping a configuration from scratch, but that's entirely different. There is no "config.ldif" unless you created that yourself, and that has nothing to do with slapd's config directory.
Hmmm. I could have sworn the slaptest -f... -F... built the config.ldif for me. Its there and I didn't create it. Guess I'll try again and see what I get. I really want to understand this.
Thanks, Howard.
\Greg
Greg Martin wrote:
Howard Chu wrote:
No, wait. Now I see. If I build the config.ldif from scratch, then I would run slapadd to construct the LDAP database. But since I used slaptest to convert my existing slapd, that construction was done as part of the conversion.
Yes, that's pretty much correct. You converted your *slapd configuration* from the old slapd.conf format to the new slapd.d format. In either the old or the new format, slapd just reads what you have, there's no extra "load" step needed.
Converting to an intermediate format (plain LDIF) that then requires manual loading would just be a waste of time, and one thing I utterly detest is software that wastes my time.
Perhaps the man page could be clarified a bit. The explanation of the conversion process is part of the EXAMPLES section. Maybe a SLAPD.CONF CONVERSION section could be added that says something like: SLAPD.CONF CONVERSION Conversion from slapd.conf to the slapd.d config directory can be accomplished using slaptest or any of the slap tools: slaptest -f /etc/openldap/slapd.conf -F ETCDIR/slapd.d This command will construct the config.ldif and construct the LDAP configuration database.
You're still not seeing it. We don't "construct the config.ldif." We only convert the old config file format to the new config directory format. *You* might write a "config.ldif" file by hand, if you're bootstrapping a configuration from scratch, but that's entirely different. There is no "config.ldif" unless you created that yourself, and that has nothing to do with slapd's config directory.
Hmmm. I could have sworn the slaptest -f... -F... built the config.ldif for me. Its there and I didn't create it. Guess I'll try again and see what I get. I really want to understand this.
Thanks, Howard.
\Greg
You mean this?
[ghenry@suretec ~]$ ls /usr/local/etc/openldap/slapd.d/ cn=config cn=config.ldif
Gavin Henry wrote:
Greg Martin wrote:
You're still not seeing it. We don't "construct the config.ldif." We only convert the old config file format to the new config directory format. *You* might write a "config.ldif" file by hand, if you're bootstrapping a configuration from scratch, but that's entirely different. There is no "config.ldif" unless you created that yourself, and that has nothing to do with slapd's config directory.
Hmmm. I could have sworn the slaptest -f... -F... built the config.ldif for me. Its there and I didn't create it. Guess I'll try again and see what I get. I really want to understand this.
Thanks, Howard.
\Greg
You mean this?
[ghenry@suretec ~]$ ls /usr/local/etc/openldap/slapd.d/ cn=config cn=config.ldif
Indeed, I do.
\Greg
Greg Martin wrote:
Gavin Henry wrote:
Greg Martin wrote:
Hmmm. I could have sworn the slaptest -f... -F... built the config.ldif for me. Its there and I didn't create it. Guess I'll try again and see what I get. I really want to understand this.
Thanks, Howard.
\Greg
You mean this?
[ghenry@suretec ~]$ ls /usr/local/etc/openldap/slapd.d/ cn=config cn=config.ldif
Indeed, I do.
It seems pretty obvious to me that "ETCDIR/slapd.d/cn=config.ldif" is completely different from an arbitrary "config.ldif" residing in an unspecified directory mentioned in the slapd-config(5) example.
openldap-software@openldap.org
-
Gavin Henry -
Greg Martin -
Howard Chu