On Sun, Feb 5, 2012 at 1:47 PM, Emmanuel Lecharny <[email protected]> wrote: > On 2/5/12 6:58 PM, Jose Ildefonso Camargo Tolosa wrote: >> >> Hi Howard! I had the feeling you would reply to my post :) >> >> On Sat, Feb 4, 2012 at 9:41 PM, Howard Chu<[email protected]> wrote: >>> >>> Jose Ildefonso Camargo Tolosa wrote: >>>> >>>> Hi, >>>> >>>> On Sat, Feb 4, 2012 at 1:56 AM, Daniel Savard<[email protected]> wrote: >>>>> >>>>> I would like to know how to reset the rootpw in OpenLDAP 2.4? >>>>> >>>>> Do I need to recreate over the entire configuration database and the >>>>> database itself or there is a trick? >>>> >>>> >>>> Risking to be burned by the community, you could directly edit the >>>> slapd.d files (this is NOT recommended, but you could risk doing it in >>>> your case), this one in particular (shutdown slapd before doing this): >>> >>> >>> If you don't know what you're doing, keep your grubby hands out of there. >>> If >>> you know what you're doing, you don't need us to tell you what to do. >>> >>> You don't know what you're doing, neither does the OP. >> >> Yes, I do know, and I have done that *several* times (without any >> problem, this far). I know it is a risky area, because you have >> warned us several times, but I have not hit any issue yet... >> >> you know, it would be really good if you give us a way of seriously >> breaking the config by directly editing it (while keeping its format: >> maximum line length, no comments, ...) Last time you just used your >> "author right" to ask us to keep away of it, but never actually gave a >> reason for it... and experience have shown me that nothing wrong has >> happen (this far) however, after your warning, I'm always careful >> while doing so, including: shutdown the service and backing up the >> directory before touching its files. > > One very simple rational behind this choice is that, when running an LDAP > server on a 24x7 production env (ie no service shutdown is allowed), with > replication beetwen any servers, then simply modifying a file on a disk does > not do the job. > > But I think Howard already explained that once, or maybe more than once...
Yeah you are right, but if you *can* face the time down: I can't see a real problem (I actually love the feature that you don't have to restart / shutdown the server to edit/apply the config, and very seldom directly edit, only when doing small changes on a no-yet-in-production environment). However, I have never seen a single case where it have failed when you directly edit it (if you have one: please share! I'm really curious about it), I know there is the case of replicated configurations (where directly editing the configs becomes more complex) ... also, you are right: it have been discussed before A LOT of times... still, no use case where it fails (maybe I missed something).... all that I know is that it *could* eventually fail (and thus I think it is just one of these things to be careful with).
