On 11/27/12 10:55 -0500, Rob "Bubba" Hines wrote:
It's been a while since I touched LDAP, so I'm new to the latest configuration changes. Admittedly, I find it aggravating that I can't simply shut down the LDAP server, modify the configuration, and start it back up.
Regardless, my intern stuck the wrong paths in for the TLSCerts, ldap will not start up now ... I need to modify cn=config with the correct paths, but I can't figure out how to get slap* to do it. It hates my ldif, and I just want a simple way to change those three paths. I assume that somewhere in the arcane knowledge that is LDAP, there is a simple solution. But my Google FU has failed me, though it has served up numerous threads that talk around the problem without providing a solution (or the solution provided was simply 'use slapadd' with no direction on how to 'use slapadd').
Here is the latest ldif I've attempted to use (to no avail) with slapadd:

dn: cn=config
objectClass: olcGlobal
cn: config
olcTLSCACertificateFile: /etc/ldap/tls/cacert.pem
olcTLSCertificateFile: /etc/ldap/tls/slapd.d/slapd_cert.pem
olcTLSCertificateKeyFile: /etc/ldap/tls/slapd.d/slapd_key.pem
I assume I just don't know how to write a correct LDIF. But I would appreciate any help in modifying cn=config with the server down.
The following uses the slapcat/slapadd method to modify your config (in the case where slapd is not running). Adjust your paths and permissions accordingly:
cd /etc/ldap
cp -a slapd.d/ /var/backups/slapd.d-pre-tls-change
mv slapd.d slapd.d.old
mkdir slapd.d
chown openldap:openldap slapd.d
chmod 755 slapd.d
slapcat -n0 -F /etc/ldap/slapd.d.old/ > /tmp/config-in-portable-format.ldif
<edit the ldif>
slapadd -n0 -F /etc/ldap/slapd.d -l /tmp/config-in-portable-format.ldif
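An added example, not from either poster, of the "<edit the ldif>" step above done with awk, plus a check on the three TLS files before slapadd is run. It assumes POSIX awk and find; the sample LDIF and the paths in it are constructed.

```shell
# Added example (not from either poster): the "<edit the ldif>" step done
# with awk on a slapcat -n0 dump, plus a pre-slapadd check on the TLS files.
# All paths here are assumptions; the sample LDIF is constructed.

# slapcat folds long values onto continuation lines (leading space), so a
# plain grep/sed on "olcTLS...: /path" can miss a folded path. Unfold first.
unfold_ldif() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { print buf }' "$1"
}

# Replace only the three TLS path attributes; every other line passes through.
# $1 = config LDIF file, $2 = CA file, $3 = server cert, $4 = private key
set_tls_paths() {
    unfold_ldif "$1" | awk -v ca="$2" -v crt="$3" -v key="$4" '
        /^olcTLSCACertificateFile:/  { print "olcTLSCACertificateFile: " ca; next }
        /^olcTLSCertificateFile:/    { print "olcTLSCertificateFile: " crt; next }
        /^olcTLSCertificateKeyFile:/ { print "olcTLSCertificateKeyFile: " key; next }
        { print }'
}

# Before slapadd: the three files must be readable, and the private key must
# not be world-readable (-perm -004 matches when the others-read bit is set).
check_tls_files() {
    for f in "$1" "$2" "$3"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
    done
    if [ -n "$(find "$3" -perm -004)" ]; then
        echo "private key $3 is world-readable" >&2
        return 1
    fi
}

# Constructed stand-in for /tmp/config-in-portable-format.ldif, with a wrong
# key path that slapcat has folded across two lines.
write_sample() {
    cat > "$1" <<'EOF'
dn: cn=config
objectClass: olcGlobal
cn: config
olcTLSCACertificateFile: /etc/ldap/tls/cacert.pem
olcTLSCertificateFile: /etc/ldap/tls/slapd.d/wrong_cert.pem
olcTLSCertificateKeyFile: /etc/ldap/tls/slapd.d/some-long-intermediate-dire
 ctory-name/wrong_key.pem
EOF
}
```

Typical use: `write_sample /tmp/in.ldif; set_tls_paths /tmp/in.ldif CA CERT KEY > /tmp/out.ldif`, then `check_tls_files CA CERT KEY` before handing /tmp/out.ldif to slapadd.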