There are a number of really good clients to help with the issues
you’re having. ldapvi[0] is a pretty simple client that lets you
edit ldap objects in vi and commit the differences. Apache Directory
Studio[1] is a more heavyweight, feature-complete client built on
top of eclipse.
Sorry to butt in, but the apache studio works with openldap too? I was
under the impression it was just for ApacheDS. If it works with openldap
I might give it a shot as it has been rather sticky with the other tools
I've tried.
I really recommend you use one of these, it will make your life
easier, as you seem to be making a lot of basic mistakes. If you
get used to modifying your config in this way, you will learn to
appreciate being able to make config changes without restarting
slapd, and being able to replicate configuration between servers.
I found the olc config backend challenging when I first used it,
but now I would not go back to the config file-based format.
[0]: http://www.lichteblau.com/ldapvi/
[1]: http://directory.apache.org/studio/
On Nov 26, 2014, at 12:55 PM, Quanah Gibson-Mount <quanah(a)zimbra.com> wrote:
> --On Wednesday, November 26, 2014 12:13 PM +0100 Onno van der Straaten <onno.van.der.straaten(a)gmail.com> wrote:
>
>> And....another one. Amazing. So hard to understand the OpenLDAP
>> interface. Might just as well have been in Chinese.
>>
>>
>>
>> $ ldapmodify -h zimbra.server.com -p 389 -D "cn=config" -f olc_password_hash.ldif -W
>> ldap_initialize( ldap://zimbra.onknows.com:389 )
>> Enter LDAP Password:
>> replace olcPasswordHash:
>> {SSHA}
>> modifying entry "olcDatabase={-1}frontend,cn=config"
>> modify complete
>>
>>
>> So the "modify complete" sort of suggestive of some kind of success
>> completion or change applied. One would think. No.
>>
>>
>> The olcPasswordHash was "modified complete" to have exact same value as
>> before. Sort of expected OpenLDAP to be "unwilling to perform", which
>> often it is. Not now. It just is "willing to ignore". Almost human.
> Your list of complaints so far:
>
> a) You told OpenLDAP to load a file that didn't exist
> b) You modified a file, by hand, where the first comment in the file is:
> # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
> c) In doing (b), you failed to preserve proper file permissions
> d) You failed to use the correct tools for doing what you wanted to do, after you broke the configuration (slapcat/slapadd)
>
> I'm not really sure what to make of your above complaint. It seems you are saying you think it is an error for ldap to replace a value with itself? All LDAP servers will do that with a replace operation.
>
> I.e., there is significant user error present here, and you got yourself into a bad spot, and made it worse via your own actions. A lack of understanding how to use a piece of software does not indicate the software itself is flawed. I will agree that it takes some time to learn how to work with LDAP in general, regardless of whether it is OpenLDAP, 389, Apache DS, etc. It may indeed be best in your case, to have a graphical UI hiding the grisly details from you, since those details are apparently causing significant challenge in your case. However, in the long run, it pays off significantly to understand the technology you're attempting to use.
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Server Architect
> Zimbra, Inc.
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
>