On Thu, Apr 19, 2018 at 5:12 AM, Frank Swasey <Frank.Swasey@uvm.edu> wrote:

For future reference here's the procedure that I've worked up:

shutdown slapd on all MMR members
slapcat the database
edit the database to remove all "pwd*" attributes and all entries that are pwd* objectClass
edit the slapd.conf file (if you are using slapd.d you are on your own)
replace the database (delete, and slapadd)
Empty the accesslog database if you are using that
start slapd

Copy your edited database to the rest of your servers and use the tried and true "nuke & repave" process to delete the existing database, edit the config, slapadd the edited database

Frank,

Thank you for outlining this process. Does anyone have a preferred "hand holding" walkthrough they could recommend for this type of procedure, for those of us who are not as confident in our OpenLDAP prowess?

Cheers,

-danny

http://dannyman.toldme.com