--On Friday, September 15, 2017 10:01 AM +0200 Michael Ströder michael@stroeder.com wrote:
And the upgrade issue with 'pwdMaxRecordedFailure' (see other mail thread) serves as good example how easy it is to run into a operational dead-end with cn=config. There's no easy way to fix this afterwards without violating what's considered best practice for maintaining cn=config. I could give several other examples for this kind of operational dead-ends.
In retrospect, I think the ITS that introduced that change should not have gone into RE24. ;) Unfortunately, one thing that people seldom test in testing calls is upgrade scenarios from older versions of OpenLDAP to a current release, with a variety of configurations, so it was not caught as an issue prior to release.
Certainly another reason as to why we need 2.5 out with slapmodify (and possibly a flag to disable loading some modules in that scenario).
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com