I'm trying to get my head round configuring OpenLDAP 2.4 until Centos 6.
So much documentation refers to slapd.conf
Under Centos 6, it appears that cn=config is in use.
So is reconfiguring OpenLDAP simply a case of editing the .ldif files in /etc/openldap/slapd.d
Or should I be modifying the directory to reconfigure - presumably by some combination of slapadd etc...
Thanks
Giles
On 11-07-26 8:04 AM, Giles Coochey wrote:
I'm trying to get my head round configuring OpenLDAP 2.4 until Centos 6.
So much documentation refers to slapd.conf
Under Centos 6, it appears that cn=config is in use.
So is reconfiguring OpenLDAP simply a case of editing the .ldif files in /etc/openldap/slapd.d
Or should I be modifying the directory to reconfigure - presumably by some combination of slapadd etc...
Thanks
Giles
What I found out about Redhat cn=config is every time you ldadadd/ldapmodify to the database, it automatically updates the relevant ldif on filesystem. Editing .ldif files and restart openldap still works but you will get flamed here :)
Thanks, Daniel
On 28/07/2011 17:25, Daniel Qian wrote:
What I found out about Redhat cn=config is every time you ldadadd/ldapmodify to the database, it automatically updates the relevant ldif on filesystem. Editing .ldif files and restart openldap still works but you will get flamed here :)
Yes - I finally discovered the relevant (redhat) documentation recommending _not_ to manually edit the ldif files directly. Reason given - too easy to make a mistake and then it won't work at all.
From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Giles > Coochey Sent: Thursday, July 28, 2011 9:23 AM To: daniel@up247solution.com Cc: openldap-technical@openldap.org Subject: Re: cn=config configuration method
On 28/07/2011 17:25, Daniel Qian wrote:
What I found out about Redhat cn=config is every time you ldadadd/ldapmodify to the database, it automatically updates the relevant ldif on filesystem. Editing .ldif files and restart openldap still works but you will get flamed here :)
Yes - I finally discovered the relevant (redhat) documentation recommending _not_ to manually edit the ldif files directly. Reason given - too easy to make a mistake and then it won't work at all.
My $.02 : While I'm not yet using slapd.d (harder to manage config via Puppet), my current take on the slapd.d is like the windows registry : use the tools provided (ldapmodify, regedit, etc) rather than trying to edit by hand. Granted, the windows registry is a binary blob and the contents of slapd.d are temptingly human readable text files, the same ideas apply. Of course, the comparison starts to fall apart when you consider you can make any nonsensical edit with regedit, and ldapmodify (and its kin) makes sure the edits are allowed via current config/schema - which reinforces the OpenLDAP team's strong warnings to use the supplied tools vs edits by hand.
- chris
-- Best Regards,
Giles Coochey NetSecSpec Ltd NL Mobile: +31 626 508 131 GIB Mobile: +350 5401 6693 Business Email: giles.coochey@netsecspec.co.uk Email/MSN/Live Messenger: giles@coochey.net Skype: gilescoochey
This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.
openldap-technical@openldap.org
-
Chris Jacobs -
Daniel Qian -
Giles Coochey