On 10/30/24 2:52 AM, Windl, Ulrich wrote:
-----Original Message-----
From: Brendan Kearney bpk678@gmail.com
Sent: Monday, October 21, 2024 7:52 PM
To: Quanah Gibson-Mount quanah@fast-mail.org; openldap-technical@openldap.org
Subject: [EXT] Re: Removing AutoCA overlay, objectClass, etc
...
#!/bin/bash
name=`hostname`
date=$(date +%b-%d-%Y)
/sbin/slapcat -n0 -l /root/$name.config.$date.ldif
/sbin/slapcat -n2 -l /root/$name.bpk2.$date.ldif
mv /root/$name.*.ldif /backups/
if i run just "slapcat -n0" from the command line, i sometimes get the LDIF output, while other times i get the following error:
[Windl, Ulrich]
Maybe examining the exit code of the command before continuing might be a good idea. 😉 Capturing and examining the command output might be another good idea.
...
Regards, Ulrich
i recently spent time looking at this. using debug from the commands, i could see that the olcAutoCAserverClass attribute was causing an error. i had it set to "device", so i deleted the attribute as well as the olcAutoCAuserClass attribute (which was set to "person"). now i can get consistent, proper output from slapcat and can back up things with my script. not sure if this is a bug or what. i'm running 2.6.6, which is probably a bit long in the tooth.
in addition, i was finally able to delete the cACertificate and cAPrivateKey attributes. in the autoCA overlay config, i had olcDisabled set to true. by removing the attribute there (not setting it to false, just deleting it), i was able to delete the attributes with the ldapmodify suggestion. of note, the attributes have to be cACertificate;binary and cAPrivateKey;binary. the syntax requires the ";binary" piece.
thanks for the help and insight.
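
Ulrich's suggestion in this thread (check the exit code, capture the command output) applied to the backup script, as an added example that is not code posted by anyone in the thread. The names dump_db, SLAPCAT, STAGE_DIR and BACKUP_DIR are assumptions made here; the database numbers and paths follow the original script.

```bash
#!/bin/bash
# Added example, not the poster's script. SLAPCAT, STAGE_DIR and BACKUP_DIR
# are assumed, overridable settings; defaults follow the paths in the thread.
SLAPCAT=${SLAPCAT:-/sbin/slapcat}
STAGE_DIR=${STAGE_DIR:-/root}
BACKUP_DIR=${BACKUP_DIR:-/backups}

# dump_db <db-number> <label>
# Runs in a subshell "( ... )" so the umask and variables stay local.
dump_db() (
    name=$(hostname 2>/dev/null || uname -n)
    stamp=$(date +%b-%d-%Y)
    out="$STAGE_DIR/$name.$2.$stamp.ldif"
    log="$out.err"

    # The cn=config dump can contain password hashes and private keys
    # (cAPrivateKey in this thread), so keep the files owner-only.
    umask 077

    rc=0
    "$SLAPCAT" -n"$1" -l "$out" 2>"$log" || rc=$?

    # Treat a non-zero exit or an empty file as a failed dump: drop the
    # partial LDIF, keep the captured stderr for later inspection.
    if [ "$rc" -ne 0 ] || [ ! -s "$out" ]; then
        echo "slapcat -n$1 failed (exit $rc), see $log" >&2
        rm -f "$out"
        exit 1
    fi

    rm -f "$log"
    mv "$out" "$BACKUP_DIR/"
)

# Only dump when called with --run, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    status=0
    dump_db 0 config || status=1
    dump_db 2 bpk2   || status=1
    exit "$status"
fi
```

With this structure an intermittent slapcat failure leaves a `.err` file in the staging directory instead of a truncated LDIF in the backup directory.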