On Wed, 21 Mar 2012 22:32:33 -0400, btb@bitrate.net wrote:
i'd amend that process slightly:
Not quite there yet...
Make a habit of always running the slap tools as the user & group slapd runs as, so you'll never screw up file ownerships for slapd. I.e. slapd -u ldap vs su ldap -c 'slapcat'.
- stop slapd
1.5. su ldap
Might as well do umask 0077 while you are at it.
- slapcat -b 'cn=config' -l config.ldif
- mv slapd.d slapd.d.bak
- mkdir slapd.d
- edit ldif as desired
- slapadd -n 0 -F slapd.d/ -l config.ldif
- slaptest -F slapd.d/
8. exit # from 'su'
- start slapd
I.e. slapd -u ldap -F /whatever/slapd.d/
the order of a few of the steps could vary slightly depending on personal preference, and technically, slapd doesn't necessarily have to be stopped so early on, but for the sake of those to whom this topic applies, it keeps things simple.
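An added example, not part of the original messages: a shell check that a rebuilt slapd.d tree is owned by the user slapd runs as and carries no group/other permission bits, which is what running the slap tools as ldap under umask 0077 is meant to guarantee. The function name audit_slapd_d is hypothetical; the directory and user in the usage comment are the ones named in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit a config tree after
# slapadd/slaptest and before starting slapd again.
# Hypothetical name: audit_slapd_d.
#
# audit_slapd_d DIR OWNER
#   Prints every path under DIR (DIR included) that is not owned by OWNER
#   or that has any group/other permission bit set.
#   OWNER may be a user name or a numeric uid.
#   Returns 0 if the tree is clean, 1 if anything was printed,
#   2 on a usage error.
audit_slapd_d() {
    dir=$1
    owner=$2
    if [ ! -d "$dir" ] || [ -z "$owner" ]; then
        echo "usage: audit_slapd_d DIR OWNER" >&2
        return 2
    fi

    # POSIX find: "-perm -NNN" matches when all bits in NNN are set, so the
    # six tests below together mean "any group or other bit is set".
    bad=$(find "$dir" \( ! -user "$owner" \
            -o -perm -040 -o -perm -020 -o -perm -010 \
            -o -perm -004 -o -perm -002 -o -perm -001 \) -print)

    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# Usage, between the slaptest step and starting slapd:
#   audit_slapd_d slapd.d ldap || echo "fix ownership/modes before starting slapd" >&2
```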