Hello list,
I want to know what the recommended way is to configure slapd. I'm using openldap package 2.4.28 under ubuntu precise. As default there is no /etc/ldap/slapd.conf and the whole configuration is located under /etc/ldap/slapd.d/ in ldif format.
1. Must I use ldapmodify to change slapd configuration in cn=config backend or can I just change configuration directives directly in the appropriate ldif file under /etc/ldap/slapd.d/cn=config/* ? If the latter, have I to restart slapd after configuration changes?
2. Will the old school way to configure slapd via slapd.conf be deprecated and not available at all in future?
Thanks and kind regards, Tobias Hachmer
--On Monday, September 24, 2012 6:11 PM +0200 Tobias Hachmer lists@kokelnet.de wrote:
Hello list,
I want to know what the recommended way is to configure slapd. I'm using openldap package 2.4.28 under ubuntu precise. As default there is no /etc/ldap/slapd.conf and the whole configuration is located under /etc/ldap/slapd.d/ in ldif format.
- Must I use ldapmodify to change slapd configuration in cn=config
backend or can I just change configuration directives directly in the appropriate ldif file under /etc/ldap/slapd.d/cn=config/* ? If the latter, have I to restart slapd after configuration changes?
You must use ldapmodify. Alternatively, you can slapcat the cn=config DB, modify the resulting LDIF, and re-import it. See the -n 0 option to slapcat/slapadd.
Never modify the files under cn=config directly.
- Will the old school way to configure slapd via slapd.conf be
deprecated and not available at all in future?
Correct.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
Quanah/Tobias:
Actually, modifying .ldif files directly and restarting the slapd worked for me. I have tested it many times for different changes, so far so good. You are welcome to test it out.
Yan
-----Original Message----- From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Quanah Gibson-Mount Sent: Monday, September 24, 2012 12:44 PM To: Tobias Hachmer; openldap-technical@openldap.org Subject: Re: slapd: way of configuration
--On Monday, September 24, 2012 6:11 PM +0200 Tobias Hachmer lists@kokelnet.de wrote:
Hello list,
I want to know what the recommended way is to configure slapd. I'm using openldap package 2.4.28 under ubuntu precise. As default there is no /etc/ldap/slapd.conf and the whole configuration is located under /etc/ldap/slapd.d/ in ldif format.
- Must I use ldapmodify to change slapd configuration in cn=config
backend or can I just change configuration directives directly in the appropriate ldif file under /etc/ldap/slapd.d/cn=config/* ? If the latter, have I to restart slapd after configuration changes?
You must use ldapmodify. Alternatively, you can slapcat the cn=config DB, modify the resulting LDIF, and re-import it. See the -n 0 option to slapcat/slapadd.
Never modify the files under cn=config directly.
- Will the old school way to configure slapd via slapd.conf be
deprecated and not available at all in future?
Correct.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
--On Monday, September 24, 2012 1:35 PM -0400 Yan Gong yan@fabric.com wrote:
Quanah/Tobias:
Actually, modifying .ldif files directly and restarting the slapd worked for me. I have tested it many times for different changes, so far so good. You are welcome to test it out.
Do *NOT* do this. I don't think I can make it any clearer than that.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
Quanah Gibson-Mount wrote:
--On Monday, September 24, 2012 1:35 PM -0400 Yan Gong yan@fabric.com wrote:
Quanah/Tobias:
Actually, modifying .ldif files directly and restarting the slapd worked for me. I have tested it many times for different changes, so far so good. You are welcome to test it out.
Do *NOT* do this. I don't think I can make it any clearer than that.
Eh. Anyone who has the freedom to stop and start their LDAP server at will obviously isn't doing anything important with it in the first place. Folks can either read the documentation and actually follow along, or ignore it at their own peril.
Michael Ströder wrote:
Howard Chu wrote:
Anyone who has the freedom to stop and start their LDAP server at will obviously isn't doing anything important with it in the first place.
This sentence is nonsense.
No moreso than the post that prompted it.
Am 24.09.2012 23:26, schrieb Howard Chu:
Michael Ströder wrote:
Howard Chu wrote:
Anyone who has the freedom to stop and start their LDAP server at will obviously isn't doing anything important with it in the first place.
This sentence is nonsense.
No moreso than the post that prompted it.
Thanks for the clarification. I'm very new to openldap, so I just wanted to clear these fundamental things.
Regards, Tobias
On 24/09/2012 19:35, Yan Gong wrote:
Quanah/Tobias:
Actually, modifying .ldif files directly and restarting the slapd worked for me. I have tested it many times for different changes, so far so good. You are welcome to test it out.
works for me too but I suppose it defeats the whole object of the dynamic config and there are probably other underlying issues specially in master master setups where the config dc is being replicated.
openldap-technical@openldap.org
-
Howard Chu -
Mark Coetser -
Michael Ströder -
Quanah Gibson-Mount -
Tobias Hachmer -
Yan Gong