--On Thursday, April 18, 2013 4:58 PM +0200 Michael Ströder michael@stroeder.com wrote:
Quanah Gibson-Mount wrote:
--On Thursday, April 18, 2013 7:18 AM -0300 Diego Woitasen diego@woitasen.com.ar wrote:
I know that I could remove it from the filesystem, but I wouldn't.
You can use slapcat -n 0 to export your cn=config database to LDIF. Modify the LDIF for cn=config to no longer reference back-shell, and then reload your cn=config DB using slapadd -n 0.
IIRC the official OpenLDAP developer statement about this approach was up to now: Don't do that!
No, using slapcat/slapadd has been the only supported method. The "Don't Do That" is manually editing the files under cn=config.
Personally I'd like to see some sort of offline mode for slapd that allows you to purely edit cn=config over ldapi:/// where slapd only accepts connections from the rootdn, and will only respond to queries against the cn=config DIT.
Well, the ldapi:/// thing already works. Only for default builds deleting something from cn=config does not work at all.
Incorrect. By default ldapi:/// would allow any client connecting over ldapi:/// to query any part of the DIT. And I have a number of such clients. Please re-read my description.
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
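
The "modify the LDIF" step of the slapcat -n 0 / slapadd -n 0 procedure described in this thread, as an added example that is not part of the original messages. It assumes back-shell is referenced in two forms (an olcModuleLoad value naming back_shell, and olcDatabase={N}shell entries with their children); the function name and the sample LDIF are constructed for illustration.

```shell
# Added example: filter an exported cn=config LDIF (slapcat -n 0 output) so it
# no longer references back-shell. Assumed reference forms: olcModuleLoad
# values naming back_shell, and olcDatabase={N}shell entries plus children.
strip_back_shell() {
    awk '
    BEGIN { RS = ""; ORS = "\n\n" }          # one LDIF entry per record
    {
        entry = $0
        gsub(/\n /, "", entry)               # unfold wrapped LDIF lines
        n = split(entry, line, "\n")
        out = ""
        for (i = 1; i <= n; i++) {
            l = tolower(line[i])
            # drop the shell database entry and anything beneath it
            if (l ~ /^dn: (.*,)?olcdatabase=[{]-?[0-9]+[}]shell,cn=config$/) next
            # drop only the module-load value for back_shell
            if (l ~ /^olcmoduleload: ([{][0-9]+[}])?(.*\/)?back_shell(\.[a-z]+)?$/) continue
            out = out (out == "" ? "" : "\n") line[i]
        }
        print out
    }'
}

# Constructed sample input (not from the thread); note the folded line.
sample_config_ldif() {
cat <<'EOF'
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModuleLoad: {0}back_mdb.la
olcModuleLoad: {1}back_sh
 ell.la

dn: olcDatabase={1}shell,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {1}shell

dn: olcDatabase={2}mdb,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {2}mdb
olcSuffix: dc=example,dc=com
EOF
}

# Typical use, with slapd stopped and the old config directory kept as backup:
#   slapcat -n 0 | strip_back_shell > config.noshell.ldif
#   slapadd -n 0 -l config.noshell.ldif    # into an empty config directory
sample_config_ldif | strip_back_shell
```

The filter leaves the remaining {N} ordering prefixes as exported, so diff its output against the original export before reloading it.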