On Tue, Nov 27, 2018 at 3:17 PM Quanah Gibson-Mount <quanah(a)symas.com>
--On Tuesday, November 27, 2018 2:22 PM -0800 Daniel Howard
> I had been yearning for a config file, and it turns out I had
It's a database, not configuration files. Removing files from underneath
database is generally not a good idea, although YMMV.
> I am sharing my experience here, for the next person who finds themselves
> googling around, trying to figure out how to remove or tweak a config in
> OpenLDAP. It is nowhere near as complicated as what I had read.
This is the wrong advice. It is also fairly trivial to do what you
a) slapcat -n 0 -l /tmp/config.ldif
b) Remove the duplicate entries from /tmp/config.ldif
c) mv /path/to/current/config /path/to/current/config.old;mkdir -p
d) slapadd -n 0 -l /tmp/config.ldif
I can see how a naive sysadmin might interpret the various text files in
/etc/ldap/slapd.d/cn=config/ as configuration files ... that could be
carefully edited by hand ... or managed programatically through the local
configuration management system.
I appreciate your admonition that this interpretation is wrong, and that
these would-be "config" files in the system configuration file hierarchy
are in fact a software-managed database, so we should not edit what appear
to be plain text configuration files, but simply export them to a text
file, carefully edit the export of the database, delete the entire config
file hierarchy, and then reimport the database.
If I may make a minor feature suggestion: whenever I get a file into /etc
that needs a special workflow, I like to put warnings in the comments at
the top of such files, advising that the file(s) shouldn't be edited by
hand, and explaining the proper workflow. (The visudo command is a golden
standard in this regard.)
djh@djh-p5510 ~> sudo head -3 /etc/sudoers
# This file MUST be edited with the 'visudo' command as root.
Perhaps this is a consideration that is already on the roadmap?