--On Friday, September 15, 2017 9:18 AM -0700 Ryan Tandy ryan@nardis.ca wrote:
IIRC slapcat doesn't work in this case, because it fails to initialize the ppolicy module.
The linked CentOS and RHEL bugs recommend downgrading slapd to the previously working version and using ldapmodify.
Yeah, that's ugly :/ Another reason we really need to get slapmodify out, and some way to execute it with an option to not load modules or similar.
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
On Fri, Sep 15, 2017 at 08:28:25AM -0700, Quanah Gibson-Mount wrote:
--On Friday, September 15, 2017 9:18 AM -0700 Ryan Tandy ryan@nardis.ca wrote:
IIRC slapcat doesn't work in this case, because it fails to initialize the ppolicy module.
The linked CentOS and RHEL bugs recommend downgrading slapd to the previously working version and using ldapmodify.
Yeah, that's ugly :/ Another reason we really need to get slapmodify out, and some way to execute it with an option to not load modules or similar.
I guess I should document how you can do that with slapmodify already.
The easiest way, so for simplicity of explanation let's use slapd.conf, cn=config can still be used: - put your broken cn=config into another directory (cn=recovery), symlinking might work - set up a slapd.conf: database ldif directory <dir> suffix cn=recovery - start slapmodify with above config and no schema checking, make your changes to ...,cn=config,cn=recovery - move your config back where you need it
That's it, no modules loaded and no cn=config checking for this either, for better or worse.
Ondřej Kuzník wrote:
The easiest way, so for simplicity of explanation let's use slapd.conf, cn=config can still be used:
- put your broken cn=config into another directory
(cn=recovery), symlinking might work
- set up a slapd.conf: database ldif directory <dir> suffix cn=recovery
- start slapmodify with above config and no schema checking,
make your changes to ...,cn=config,cn=recovery
- move your config back where you need it
That's it, no modules loaded and no cn=config checking for this either, for better or worse.
I hope slapd.conf will never go away. :-/
Ciao, Michael.
openldap-technical@openldap.org
-
Michael Ströder -
Ondřej Kuzník -
Quanah Gibson-Mount -
Simone Piccardi