Hello people,
I would like to ask for the correct and/or official way to remove objects from cn=config.
I have found "how to delete backend DB" and "can't delete bdb backend from cn=config" threads. I know I can activate experimental delete support for cn=config, but I don't want to use experimental features.
I would like to do it the correct way. Can you explain how to delete objects from cn=config?
I wanted to test the null backend, so I added olcModuleLoad: {1}back_null in cn=module{0} and then created olcDatabase={2}null in cn=config. After testing I wanted to delete the null backend and unload the null module.
But it is impossible to delete olcDatabase={2}null from cn=config (error 53 unwilling to perform) and it is impossible to delete the back_null module (error 80 cannot delete olcModuleLoad).
What is the correct way to remove such configured backends and modules? I have read about slapcat and slapadd, which can be used to dump cn=config into LDIF, then edit this LDIF and import it with slapadd, but slapd should not be running. Is this the only way to remove some configuration?
Is there any other way to remove configuration online?
Thank you for answers.
Regards,
Robert Wolf.
Hi,
To modify the cn=config DIT you'll have to modify the files under /etc/ldap/slapd.d/cn=config where your config is stored.
In your case :
- delete /etc/ldap/slapd.d/cn=config/olcDatabase={2}null/
- modify /etc/ldap/slapd.d/cn=config/cn=module{0}.ldif by removing the line olcModuleLoad: {1}back_null
You should then be able to restart the slapd daemon.
Regards, Quentin Pétel
Le 13/08/2013 14:34, Robert Wolf a écrit :
> module.
> But it is impossible to delete olcDatabase={2}null from cn=config (error 53 unwilling to perform) and it is impossible delete the back_null module (error 80 cannot delete olcModuleLoad).
On Tue, 13 Aug 2013, Quentin PETEL wrote:
> Hi,
> To modify the cn=config DIT you'll have to modify the files under /etc/ldap/slapd.d/cn=config where your config is stored.
> In your case :
> - delete /etc/ldap/slapd.d/cn=config/olcDatabase={2}null/
> - modify /etc/ldap/slapd.d/cn=config/cn=module{0}.ldif by removing the line
> olcModuleLoad: {1}back_null
> You should then be able to restart the slapd daemon.
> Regards, Quentin Pétel
Hello Quentin,
do you really mean to manually delete using "rm" and/or "vim" in slapd.d???
I know I can do this, I did it the first time. But this is not the correct way. If you change the files, then slapd reports an incorrect checksum.
I know I can edit this folder's content using slapcat to LDIF, then edit, and then slapadd, but slapd must be offline.
Is there any other official way to remove parts of the config online? Or is slapcat, edit LDIF, slapadd the only solution? At least, I can export the config using slapcat, then edit, then create a new config dir using slapadd and test the config using slaptest, and then stop slapd, rename the config dirs and start slapd on one command line (/etc/init.d/slapd stop; mv cfg.d cfg.d.old ; mv cfg.d.new cfg.d ; /etc/init.d/slapd start).
Is this the only procedure to remove config?
Regards,
Robert Wolf.
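The slapcat, edit, slapadd, slaptest sequence discussed in this thread, as an added shell example that is not part of any poster's message or of OpenLDAP itself: `strip_config` does the "edit the LDIF" step for the null backend and back_null module named above. The function names, the `.new` directory, the `olcOverlay={0}example` child entry and the sample dump are constructed for illustration; renumbering of later `{n}` siblings and base64 (`dn::`) DNs are not handled.

```shell
#!/bin/sh
# Drop the entry with DN $1 (and everything below it) and the exact
# attribute line $2 from an LDIF dump read on stdin.
strip_config() {
    awk -v dn="$1" -v line="$2" '
    BEGIN { RS = ""; dn = tolower(dn) }
    {
        gsub(/\n /, "")                     # unfold continuation lines
        n = split($0, f, "\n"); edn = ""
        for (i = 1; i <= n; i++)
            if (f[i] ~ /^dn: /) { edn = tolower(substr(f[i], 5)); break }
        tail = substr(edn, length(edn) - length(dn))
        if (edn == dn || tail == ("," dn)) next   # target or subordinate
        for (i = 1; i <= n; i++)
            if (f[i] != line) print f[i]
        print ""
    }'
}
# Build and test a new config directory; CONF and NEW are assumed paths.
rebuild_config() {
    CONF=${CONF:-/etc/ldap/slapd.d} NEW=${NEW:-/etc/ldap/slapd.d.new}
    mkdir -m 0750 "$NEW" &&
    slapcat -n 0 -F "$CONF" -l "$NEW.orig.ldif" &&
    strip_config "$1" "$2" < "$NEW.orig.ldif" > "$NEW.ldif" &&
    slapadd -n 0 -F "$NEW" -l "$NEW.ldif" &&
    slaptest -F "$NEW"     # swap directories only if this succeeds
}

sample_ldif() {   # constructed sample, not output from a real server
cat <<'EOF'
dn: cn=module{0},cn=config
objectClass: olcModuleList
olcModuleLoad: {0}back_hdb
olcModuleLoad: {1}back_null

dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {1}hdb

dn: olcDatabase={2}null,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {2}null

dn: olcOverlay={0}example,olcDatabase={2}nu
 ll,cn=config
objectClass: olcOverlayConfig
EOF
}
```

Call it as `rebuild_config 'olcDatabase={2}null,cn=config' 'olcModuleLoad: {1}back_null'`, then stop slapd, swap the directories and start slapd as described above. Run it as the account slapd runs under, or fix ownership of the new directory before the swap.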
On 19/8/2013 3:23 μμ, Ingo wrote:
>>> To modify the cn=config DIT you'll have to modify the files under
>>> /etc/ldap/slapd.d/cn=config where your config is stored.
>> NO. do NOT do this,
> Why?
Directly manipulating cn=config files will result in a CRC Error and will render your configuration useless.
This issue has been discussed numerous times in this list.
As you were told: use slapcat to generate an ldif, modify the ldif as desired, and use slapadd to generate a new config. This is the only method supported.
Best regards, Nick
On 19.08.2013 15:09, Nick Milas wrote:
> On 19/8/2013 3:23 μμ, Ingo wrote:
>>>> To modify the cn=config DIT you'll have to modify the files under
>>>> /etc/ldap/slapd.d/cn=config where your config is stored.
>>> NO. do NOT do this,
>> Why?
> Directly manipulating cn=config files will result in a CRC Error and will render your configuration useless.
Thank you :)
> This issue has been discussed numerous times in this list.
I don't know. From time to time there are new members coming, like me. Do you like that?
> As you were told:
It's to Robert ...
> use slapcat to generate an ldif, modify the ldif as desired, and use slapadd to generate a new config.
Yes, I know. But I didn't know why not to use cn=config files.
> This is the only method supported.
OK, I'm going now to read section 5 of the administrator's guide again.
regards Ingo
On 2013.08.19 08.23, Ingo wrote:
> On 13.08.2013 19:02, btb wrote:
>> On 2013.08.13 12.17, Quentin PETEL wrote:
>>> Hi,
>>> To modify the cn=config DIT you'll have to modify the files under /etc/ldap/slapd.d/cn=config where your config is stored.
>> NO. do NOT do this,
> Why?
read section 5 of the administrator's guide.
-ben
On 19.08.2013 15:42, btb wrote:
> On 2013.08.19 08.23, Ingo wrote:
>> On 13.08.2013 19:02, btb wrote:
>>> On 2013.08.13 12.17, Quentin PETEL wrote:
>>>> Hi,
>>>> To modify the cn=config DIT you'll have to modify the files under /etc/ldap/slapd.d/cn=config where your config is stored.
>>> NO. do NOT do this,
>> Why?
> read section 5 of the administrator's guide.
This one? http://www.openldap.org/doc/admin24/slapdconf2.html
I read it before but didn't remember:
"Note: Although the slapd-config(5) system stores its configuration as (text-based) LDIF files, you should never edit any of the LDIF files directly. Configuration changes should be performed via LDAP operations, e.g. ldapadd(1), ldapdelete(1), or ldapmodify(1)."
OK, have it now :)
regards Ingo
--On Tuesday, August 13, 2013 6:17 PM +0200 Quentin PETEL quentin.petel@nameshield.net wrote:
> Hi,
> To modify the cn=config DIT you'll have to modify the files under /etc/ldap/slapd.d/cn=config where your config is stored.
> In your case :
> - delete /etc/ldap/slapd.d/cn=config/olcDatabase={2}null/
> - modify /etc/ldap/slapd.d/cn=config/cn=module{0}.ldif by removing the
> line olcModuleLoad: {1}back_null
> You should then be able to restart the slapd daemon.
This is not the supported method. Supported method is slapcat/slapadd, as has been mentioned numerous times on the list.
OpenLDAP 2.5 may add delete support for cn=config.
--Quanah
--
Quanah Gibson-Mount
Lead Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
On 2013.08.13 08.34, Robert Wolf wrote:
> Hello people,
> I would like to ask for correct and/or official way how to remove objects from cn=config.
currently, the delete operation is not supported. this may change in a subsequent version. currently, use slapcat to generate an ldif, modify the ldif as desired, and use slapadd to generate a new config. see the man pages for the particulars on that process.
-ben
openldap-technical@openldap.org