Quanah Gibson-Mount wrote:
--On Friday, December 13, 2013 6:00 PM +0000 Clint Petty
> I know you are suppose to make changes through the command line, when
> using cn=config. I tried changing it through ldapmodify, however wasn't
> able to get it to work. So changed it in the file and it did work. We
> are transitioning away from cn=config, so this is just a short term
Bad idea, given that cn=config will eventually become the only way to
configure openldap. Instead of transitioning away, you should figure out why
you have problems using it, and resolve those instead.
AFAICT slapd.conf will at least be available in all OpenLDAP releases 2.4.x.
Maybe even in 2.5 if I understood Howard correctly at LDAPcon 2013.
There *are* very good reasons to use slapd.conf - especially when beginning to
develop your slapd configuration and you want to remove things and start over
from scratch. We can see on this list that it's very hard for beginners to
start with cn=config.
Also I'm very much in favour of using slapd.conf with config management
systems like puppet or similar and version control of config files.
I'm currently working on a bunch of complex ACLs which would be a pain with
cn=config. And yes, I know how these ACLs look in cn=config since I use
cn=config read-only for letting the monitor check determining the syncrepl