11 Feb
2025
11 Feb
'25
12:45 p.m.
On Tue, Feb 11, 2025 at 09:40:47AM +0000, Marc wrote:
I would not start it in the first place... Otherwise maybe don't give it network access?
currenlty my method is retrieving ldif files from some config storage (that is on same network as ldap server), do sometimes some sed stuff, and then I import them like this:
ldapadd -Q -D "cn=admin,cn=config" -Y EXTERNAL -H ldapi:/// -f $SLAPD_CFG_DIR/change-modules.ldif
So this way I have direct feedback if one of the ldifs is not compatible with some slapd upgrade.
slapadd -n0 is your friend, no need to start the server for it. Maybe also slaptest if you want to double check the resulting config.
--
Ondřej Kuzník
Senior Software Engineer
Symas Corporation http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP