On Fri, Sep 15, 2017 at 08:28:25AM -0700, Quanah Gibson-Mount wrote:
--On Friday, September 15, 2017 9:18 AM -0700 Ryan Tandy
> IIRC slapcat doesn't work in this case, because it fails to initialize
> the ppolicy module.
> The linked CentOS and RHEL bugs recommend downgrading slapd to the
> previously working version and using ldapmodify.
Yeah, that's ugly :/ Another reason we really need to get slapmodify out,
and some way to execute it with an option to not load modules or similar.
I guess I should document how you can do that with slapmodify already.
The easiest way, so for simplicity of explanation let's use slapd.conf,
cn=config can still be used:
- put your broken cn=config into another directory (cn=recovery),
symlinking might work
- set up a slapd.conf:
- start slapmodify with above config and no schema checking, make your
changes to ...,cn=config,cn=recovery
- move your config back where you need it
That's it, no modules loaded and no cn=config checking for this either,
for better or worse.
Senior Software Engineer
Symas Corporation http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP