----- "Gervase Markham" <[email protected]> wrote:
> On 07/03/11 21:33, Howard Chu wrote:
> > Gervase Markham wrote:
> >> On 07/03/11 17:49, Gervase Markham wrote:
> >>> oldRootDN: cn=admin,cn=config
> >> ----^
> >>
> >> And that would be the problem :-|
> >>
> >> Thank you for your help. <shuffles feet in an embarrassed fashion>
> >
> > cn=config is an LDAP database, it is not a collection of files for you
> > to edit by hand.
>
> Although presumably if you manage to mess up your configuration enough,
> that's what you have to do.

But, how did you mess it up so bad in the first place?

> I've seen "you can edit the files by hand if
> it all goes wrong" used as an argument for using the LDIF backend for
> cn=config in the archives of this very mailing list, if I'm not mistaken.
>
> > You are supposed to use ldapmodify on it, for reasons
> > of this very nature. I.e., ldapmodify gets syntax-checked and stupid
> > typos of this sort get caught.
>
> But being able to edit the database is precisely the problem I had! It's
> rather chicken and egg.
>
> > If you had used "ldapmodify -H ldapi:/// -Y EXTERNAL" to add the desired
> > attributes you wouldn't have these silly problems.
>
> Yes, of course - because Real Men use commands with a minimum of 4
> command-line flags to do any operation, and if I'm not up to that, I
> can't possibly be worthy to use OpenLDAP.

echo -e "URI ldapi:///\nSASL_MECH EXTERNAL" >> ~/.ldaprc

Then you won't have to use 4 commandline flags in future.

> > If your LDAP browsers don't support ldapi:/// that's their deficiency...
>
> I don't even know what the "i" in ldapi is, or how it's different from
> ldap://. And this search of the OpenLDAP documentation is sadly
> unenlightening:
>
> http://www.google.co.uk/search?hl=en&q=ldapi%20site%3Aopenldap.org/doc
>
> Can you tell me which LDAP browsers do support this scheme? After all,
> the other part of my message was asking for advice on which was best.
>
> > There are two ways you, the development team, can think about OpenLDAP:

Which development team shipped your config, and set you up with config editing using ldapi, but didn't think it was a good idea to populate root's .ldaprc? Probably not the OpenLDAP team.

Regards,
Buchan
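
Added example, not part of the original thread: a shell sketch of the workflow discussed above, setting the ldapi:/// and SASL EXTERNAL defaults in an ldaprc file without duplicating lines on repeated runs, and producing the change record that ldapmodify would check instead of a hand-edited file. The helper names, the entry DN olcDatabase={0}config,cn=config and the assumption that the local root user is authorized for cn=config over ldapi are illustrative and not taken from the thread.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not OpenLDAP tooling).

# set_ldaprc FILE KEY VALUE
# Set KEY to VALUE in an ldaprc-style file exactly once. A plain ">>" append
# leaves duplicate or conflicting lines when it is run a second time.
set_ldaprc() {
    file=$1 key=$2 value=$3
    [ -f "$file" ] || : > "$file"
    tmp=$(mktemp) || return 1
    # Option names are case-insensitive, so drop any existing line for this
    # key regardless of case; comments and other options are kept.
    awk -v k="$key" 'tolower($1) != tolower(k)' "$file" > "$tmp"
    printf '%s %s\n' "$key" "$value" >> "$tmp"
    cat "$tmp" > "$file"    # rewrite in place, keeping the file's mode
    rm -f "$tmp"
}

# rootdn_ldif ENTRY_DN NEW_ROOTDN
# Emit an LDIF change record that replaces olcRootDN on ENTRY_DN.
rootdn_ldif() {
    printf 'dn: %s\nchangetype: modify\nreplace: olcRootDN\nolcRootDN: %s\n' \
        "$1" "$2"
}

# Typical use as root on the directory server (left commented out so the
# block has no side effects when sourced):
#   set_ldaprc "$HOME/.ldaprc" URI ldapi:///
#   set_ldaprc "$HOME/.ldaprc" SASL_MECH EXTERNAL
#   rootdn_ldif 'olcDatabase={0}config,cn=config' 'cn=admin,cn=config' | ldapmodify
```

The URI scheme ldapi:/// is LDAP over a local Unix domain socket, and the EXTERNAL mechanism takes the client identity from the socket's peer credentials, so no password is sent.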
