Thanks for the example. I have Debian 9. After changing the example to use my values and running

ldapmodify -Y EXTERNAL -H ldapi:/// -f change.ldif

I get an error:

ldapmodify: wrong attributeType at line 10, entry " olcDatabase={0}config, cn=config»

If you don't mind, please tell me what I'm doing wrong.
On Nov 20, 2020, at 23:35, Quanah Gibson-Mount quanah@symas.com wrote:
--On Friday, November 20, 2020 10:50 AM +0000 Клеусов Владимир Сергеевич Kleusov.Vladimir@wildberries.ru wrote:
Right? Sorry for being so detailed...
You should be able to do all of the modifications necessary as two operations inside a single LDIF file. Additionally, since you previously set olcMirrorMode to true, there's no need to do it again.
As an aside, I would note that the hdb backend is deprecated and you are encouraged to migrate to using the MDB backend instead. You've also not stated what release of OpenLDAP you are using, but I'd strongly advise using no earlier than 2.4.54. It generally appears you're on RHEL7 based on the changes you noted. If that's correct, Symas offers free replacement packages that are up to date at: https://repo.symas.com/sofl/rhel7/. The LTB project also offers current builds for a variety of platforms at https://ltb-project.org/download.
Example LDIF file for doing the necessary changes:
cat > /tmp/change.ldif << EOF
dn: olcDatabase={0}config, cn=config
changetype: modify
replace: olcRootPW
olcRootPW: newpass

replace: olcSyncRepl
olcSyncRepl: rid=001 provider=ldaps://ldap1.domain.com searchbase="cn=config" bindmethod=simple credentials=newpass binddn="cn=admin,cn=config" tls_reqcert=never type=refreshAndPersist retry="30 +" timeout=1
olcSyncRepl: rid=002 provider=ldaps://ldap2.domain.com searchbase="cn=config" bindmethod=simple credentials=newpass binddn="cn=admin,cn=config" tls_reqcert=never type=refreshAndPersist retry="30 +" timeout=1

dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: newpass

replace: olcSyncRepl
olcSyncRepl: rid=001 provider=ldaps://ldap1.domain.com searchbase="dc=domain,dc=com" bindmethod=simple credentials=newpass binddn="cn=admin,dc=domain,dc=com" tls_reqcert=allow type=refreshAndPersist retry="30 +" timeout=1
olcSyncRepl: rid=002 provider=ldaps://ldap2.domain.com searchbase="dc=domain,dc=com" bindmethod=simple credentials=newpass binddn="cn=admin,dc=domain,dc=com" tls_reqcert=allow type=refreshAndPersist retry="30 +" timeout=1
EOF
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
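
Added example, not part of either message above: in the RFC 2849 grammar each add:/delete:/replace: block of a changetype: modify record ends with a line containing only "-", and a blank line ends the whole record. The Python check below reports where a file breaks that structure; the function name and the shortened sample LDIF (example.com host, placeholder password) are constructed for illustration.

```python
MOD_OPS = {"add", "delete", "replace"}
def check_modify_ldif(text):
    """Return (line_number, problem) pairs for badly separated modify blocks."""
    problems = []
    in_record = is_modify = False   # inside a record / it is 'changetype: modify'
    open_attr = None                # attribute of the block still waiting for '-'
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.startswith(("#", " ")):
            continue                       # comment or folded continuation
        if not line.strip():               # a blank line ends the record
            in_record, is_modify, open_attr = False, False, None
            continue
        if line.strip() == "-":            # terminator of one block
            open_attr = None
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.lstrip(":< ").strip().lower()
        if not in_record:
            in_record = True
            if key in MOD_OPS:
                problems.append((lineno, f"'{key}:' starts a record without 'dn:'; "
                                 "use '-' between modifications, not a blank line"))
        elif key == "changetype":
            is_modify = value == "modify"
        elif is_modify and open_attr is None:
            if key in MOD_OPS:
                open_attr = value
            else:
                problems.append((lineno, f"expected add:/delete:/replace:, got '{key}:'"))
        elif is_modify and key != open_attr:
            problems.append((lineno, f"'{key}:' inside the '{open_attr}' block; "
                             "a '-' line is missing before it"))
            open_attr = value if key in MOD_OPS else None
    return problems

# Constructed sample: placeholder password, example.com host, shortened values.
FIXED = """\
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: placeholder
-
replace: olcSyncRepl
olcSyncRepl: rid=001 provider=ldaps://ldap1.example.com
"""
BLANK_LINE = FIXED.replace("\n-\n", "\n\n")   # blank line where '-' belongs
NO_DASH = FIXED.replace("\n-\n", "\n")        # nothing between the blocks
print(check_modify_ldif(FIXED), check_modify_ldif(BLANK_LINE), check_modify_ldif(NO_DASH))
```

Running the check on an LDIF file before passing it to ldapmodify -f shows the offending line number without touching cn=config.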