On Fri, Oct 27, 2023 at 5:58 PM Quanah Gibson-Mount quanah@fast-mail.org wrote:
--On Friday, October 27, 2023 10:51 AM +0200 Alejandro Imass aimass@yabarana.com wrote:
Again for future people reading this, if you encounter ACL issues and you want to modify the LDIF database in /etc/openldap/slapd.d don't do it manually.
Your advice here is generally wrong.
You mean they SHOULD edit them manually ? I'm actually suggesting to use slapadd and slapmodify directly on the filesystem if everything else fails. What's wrong with that suggestion?
--On Friday, October 27, 2023 8:15 PM +0200 Alejandro Imass aimass@yabarana.com wrote:
Again for future people reading this, if you encounter ACL issues and you want to modify the LDIF database in /etc/openldap/slapd.d don't do it manually.
Your advice here is generally wrong.
You mean they SHOULD edit them manually ? I'm actually suggesting to use slapadd and slapmodify directly on the filesystem if everything else fails. What's wrong with that suggestion?
You should have a properly configured system that allows modification of cn=config via ldap* commands while the system is online. slapmodify can be useful in specific circumstances but it's not the best solution here.
--Quanah
openldap-technical@openldap.org