--On Thursday, April 18, 2013 4:58 PM +0200 Michael Ströder
<[email protected]> wrote:
Quanah Gibson-Mount wrote:
--On Thursday, April 18, 2013 7:18 AM -0300 Diego Woitasen
<[email protected]> wrote:
I know that I could remove it from the filesystem, but I wouldn't.
You can use slapcat -n 0 to export your cn=config database to LDIF.
Modify the LDIF for cn=config to no longer reference back-shell, and
then reload your cn=config DB using slapadd -n 0.
IIRC the official OpenLDAP developer statement about this approach was up
to now: Don't do that!
No, using slapcat/slapadd has been the only supported method. The "Don't
Do That" is manually editing the files under cn=config.
Personally I'd like to see some sort of offline mode for slapd that
allows you to purely edit cn=config over ldapi:/// where slapd only
accepts connections from the rootdn, and will only respond to queries
against the cn=config DIT.
Well, the ldapi:/// thing already works.
Only for default builds deleting something from cn=config does not work
at all.
Incorrect. By default ldapi:/// would allow any client connecting over
ldapi:/// to query any part of the DIT. And I have a number of such
clients. Please re-read my description.
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
