7:55 a.m.
It's been a while since I touched LDAP, so I'm new to the latest
configuration changes. Admittedly, I find it aggravating that I can't
simply shutdown the LDAP server and modify the configuration, and start
it back up.
Regardless, my intern stuck the wrong paths in for the TLSCerts, ldap
will not start up now ... I need to modify cn=config with the correct
paths, but I can't figure out how to get slap* to do it. It hates my
ldif, and I just want a simple way to change those three paths. I assume
that somewhere in the arcane knowledge that is LDAP, there is a simple
solution. But my Google FU has failed me, tho it has served up numerous
threads that talk around the problem without providing a solution (or
the solution provided was simply 'use slapadd' with no direction on how
to 'use slapadd').
Here is the latest ldif I've attempted to use (to no avail) with slapadd:
dn: cn=config
objectClass: olcGlobal
cn: config
olcTLSCACertificateFile: /etc/ldap/tls/cacert.pem
olcTLSCertificateFile: /etc/ldap/tls/slapd.d/slapd_cert.pem
olcTLSCertificateKeyFile: /etc/ldap/tls/slapd.d/slapd_key.pem
I assume I just don't know how to write a correct LDIF. But I would
appreciate any help in modifying cn=config with the server down.
--
Rob "Bubba" Hines
*
Bubba <http://blog.hines57.com/>
*
Bubba on LinkedIn <http://www.linkedin.com/in/robhines>
*
Bubba on Twitter <http://twitter.com/#%21/robhines>
*
Bubba on Facebook
<http://www.facebook.com/people/Robert-Hines/679491526>
*
Bubba on Plaxo <http://www.plaxo.com/profile/showPublic/robhines>
*
Bubba's Klout <http://klout.com/#/robhines>
*
Bubba on Google
<https://plus.google.com/u/0/110941764679832570087/about>
9:59 a.m.
On 11/27/12 10:55 -0500, Rob "Bubba" Hines wrote:
It's been a while since I touched LDAP, so I'm new to the
latest
configuration changes. Admittedly, I find it aggravating that I can't
simply shutdown the LDAP server and modify the configuration, and
start it back up.
Regardless, my intern stuck the wrong paths in for the TLSCerts, ldap
will not start up now ... I need to modify cn=config with the correct
paths, but I can't figure out how to get slap* to do it. It hates my
ldif, and I just want a simple way to change those three paths. I
assume that somewhere in the arcane knowledge that is LDAP, there is
a simple solution. But my Google FU has failed me, tho it has served
up numerous threads that talk around the problem without providing a
solution (or the solution provided was simply 'use slapadd' with no
direction on how to 'use slapadd').
Here is the latest ldif I've attempted to use (to no avail) with slapadd:
dn: cn=config
objectClass: olcGlobal
cn: config
olcTLSCACertificateFile: /etc/ldap/tls/cacert.pem
olcTLSCertificateFile: /etc/ldap/tls/slapd.d/slapd_cert.pem
olcTLSCertificateKeyFile: /etc/ldap/tls/slapd.d/slapd_key.pem
I assume I just don't know how to write a correct LDIF. But I would
appreciate any help in modifying cn=config with the server down.
The following uses the slapcat/slapadd method to modify your config (in the
case where slapd is not running). Adjust your paths and permissions
accordingly:
cd /etc/ldap
cp -a slapd.d/ /var/backups/slapd.d-pre-tls-change
mv slapd.d slapd.d.old
mkdir slapd.d
chown openldap:openldap slapd.d
chmod 755 slapd.d
slapcat -n0 -F /etc/ldap/slapd.d.old/ > /tmp/config-in-portable-format.ldif
<edit the ldif>
slapadd -n0 -F /etc/ldap/slapd.d -l /tmp/config-in-portable-format.ldif
--
Dan White
12:39 a.m.
2012/11/27 Dan White <dwhite(a)olp.net>:
On 11/27/12 10:55 -0500, Rob "Bubba" Hines wrote:
>
> It's been a while since I touched LDAP, so I'm new to the latest
> configuration changes. Admittedly, I find it aggravating that I can't simply
> shutdown the LDAP server and modify the configuration, and start it back up.
>
> Regardless, my intern stuck the wrong paths in for the TLSCerts, ldap will
> not start up now ... I need to modify cn=config with the correct paths, but
> I can't figure out how to get slap* to do it. It hates my ldif, and I just
> want a simple way to change those three paths. I assume that somewhere in
> the arcane knowledge that is LDAP, there is a simple solution. But my Google
> FU has failed me, tho it has served up numerous threads that talk around the
> problem without providing a solution (or the solution provided was simply
> 'use slapadd' with no direction on how to 'use slapadd').
>
> Here is the latest ldif I've attempted to use (to no avail) with slapadd:
> dn: cn=config
> objectClass: olcGlobal
> cn: config
> olcTLSCACertificateFile: /etc/ldap/tls/cacert.pem
> olcTLSCertificateFile: /etc/ldap/tls/slapd.d/slapd_cert.pem
> olcTLSCertificateKeyFile: /etc/ldap/tls/slapd.d/slapd_key.pem
>
> I assume I just don't know how to write a correct LDIF. But I would
> appreciate any help in modifying cn=config with the server down.
The following uses the slapcat/slapadd method to modify your config (in the
case where slapd is not running). Adjust your paths and permissions
accordingly:
cd /etc/ldap
cp -a slapd.d/ /var/backups/slapd.d-pre-tls-change
mv slapd.d slapd.d.old
mkdir slapd.d
chown openldap:openldap slapd.d
chmod 755 slapd.d
slapcat -n0 -F /etc/ldap/slapd.d.old/ > /tmp/config-in-portable-format.ldif
<edit the ldif>
slapadd -n0 -F /etc/ldap/slapd.d -l /tmp/config-in-portable-format.ldif
Hi,
I wrote a little OpenLDAP init script that provide 'backupconfig' and
'restoreconfig' actions. You can find it here:
http://ltb-project.org/wiki/documentation/openldap-initscript
It can also backup/restore the data.
Hope it helps,
Clément.
3949
days inactive
3950
days old
openldap-technical@openldap.org
2 comments
3 participants
participants (3)
-
Clément OUDOT -
Dan White -
Rob "Bubba" Hines