On Tue, Nov 27, 2018 at 3:17 PM Quanah Gibson-Mount quanah@symas.com wrote:
--On Tuesday, November 27, 2018 2:22 PM -0800 Daniel Howard dannyman@toldme.com wrote:
I can see how a naive sysadmin might interpret the various text files in /etc/ldap/slapd.d/cn=config/ as configuration files ... that could be carefully edited by hand ... or managed programatically through the local configuration management system.
I appreciate your admonition that this interpretation is wrong, and that these would-be "config" files in the system configuration file hierarchy are in fact a software-managed database, so we should not edit what appear to be plain text configuration files, but simply export them to a text file, carefully edit the export of the database, delete the entire config file hierarchy, and then reimport the database.
If I may make a minor feature suggestion: whenever I get a file into /etc that needs a special workflow, I like to put warnings in the comments at the top of such files, advising that the file(s) shouldn't be edited by hand, and explaining the proper workflow. (The visudo command is a golden standard in this regard.)
djh@djh-p5510 ~> sudo head -3 /etc/sudoers # # This file MUST be edited with the 'visudo' command as root. #
Perhaps this is a consideration that is already on the roadmap?
Thanks, -danny
Daniel Howard wrote:
If I may make a minor feature suggestion: whenever I get a file into /etc that needs a special workflow, I like to put warnings in the comments at the top of such files, advising that the file(s) shouldn't be edited by hand, and explaining the proper workflow. (The visudo command is a golden standard in this regard.)
Open your eyes.
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. # CRC32 7ec5c1eb dn: cn=config objectClass: olcGlobal cn: config
--On Wednesday, November 28, 2018 10:16 AM -0800 Daniel Howard dannyman@toldme.com wrote:
You mean like it already does? :)
head -1 cn=config.ldif # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
openldap-technical@openldap.org