 
            Mike Jackson wrote:
Quoting Michael Ströder michael@stroeder.com:
When using slapadd to fully load cn=config you have to stop your slapd during that. So this is definitely *not* how cn=config is supposed to be operated. Also when mucking directly with the LDIF you loose slapd's capability of input validation.
Ciao, Michael.
Please read my post more carefully and understand it before commenting.
Slapd has never been started at this point so there's nothing to stop. It doesn't have any configuration at all. I don't muck with the LDIF, I generate it. If you take a little time to study the cn=config entries, you'll see that it's not exactly rocket science to write or generate your own. The only real concern is that the attribute names or something change over time and I have to adapt my template, in
We've never changed the names of any config attributes. The only thing that has changed over time is adding new definitions.
other words it's not declared as a public interface but it really should be. You can even keep it in git (my template is certainly in git).
The schema is published in the cn=schema,cn=config entry. That's as much a public interface as there'll ever be in an LDAP directory.