--On Monday, September 13, 2010 9:25 AM +0200 "Mathieu Parent (Debian)"
<sath...@debian.org> wrote:
Hi,
On Mon, Sep 13, 2010 at 4:24 AM, Steve Langasek <vor...@debian.org> wrote:
...
Note that kolabd for Wheezy will manage cn=config natively (most
probably by creating slapd.conf and using slaptest; but perhaps by
directly issuing ldap commands).
Is there any reason this (slapd.conf + slaptest) couldn't be used as the
workaround in squeeze? That still doesn't sound great to me given that
it would overwrite any previously present cn=config settings, but it
seems to be the existing practice that kolabd will overwrite slapd
configs, so it should at least do so in the preferred location; and
getting this right shouldn't be any harder than the policy-violating
conffile overwrite.
OK. Let's go for this path. I will upload a new kolabd that revert the
hack and upload a new libkolab-perl package which run slaptest after
changing any openldap config (this is where this fix belongs).
For the long term, how can we be sure to have write access to
cn=config? Couldn't slapd package provide a tool to query cn=config
(like ldapconfigsearch) which uses ldapsearch with proper credentials
if slapd is running and uses something else when slapd is stopped.
Similary, provide an ldapconfigmodify. Also providing ldapschemaadd,
ldapschemaremove, ... can ease the integration from other packages.
I think you're looking for slapmodify, a tool I specifically requested be
written a while back. It exists currently in OpenLDAP HEAD. It allows the
offline modification of cn=config.
See ITS#6165.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
