On 10/30/24 2:52 AM, Windl, Ulrich wrote:
-----Original Message-----
From: Brendan Kearney <[email protected]>
Sent: Monday, October 21, 2024 7:52 PM
To: Quanah Gibson-Mount <[email protected]>; openldap-
[email protected]
Subject: [EXT] Re: Removing AutoCA overlay, objectClass, etc
...
#!/bin/bash
name=`hostname`
date=$(date +%b-%d-%Y)
/sbin/slapcat -n0 -l /root/$name.config.$date.ldif
/sbin/slapcat -n2 -l /root/$name.bpk2.$date.ldif
mv /root/$name.*.ldif /backups/
if i run just "slapcat -n0" from the command line, i sometimes get the
LDIF output, while other times i get the following error:
[Windl, Ulrich]
Maybe examining the exit code of the command before continuing might be a good
idea. 😉
Capturing and examining the command output might be another good idea.
...
Regards,
Ulrich
i recently spent time looking at this. using debug from the commands, i
could see that the olcAutoCAserverClass attribute was causing an error.
i had it set to "device", so i deleted the attribute as well as the
olcAutoCAuserClass attribute (which was set to "person"). now i can get
consistent, proper output from slapcat and can backup things with my
script. not sure if this is a bug or what. i'm running 2.6.6, which is
probably a bit long in the tooth.
in addition, i was finally able to delete the cACertificate and
cAPrivateKey attributes. in the autoCA overlay config, i had
olcDisabled set to true. by removing the attribute there (not setting
it to false, just deleting it), i was able to delete the attributes with
the ldapmodify suggestion. of note, the attributes have to be
cACertificate;binary and cAPrivateKey;binary. the syntax requires the
";binary" piece.
thanks for the help and insight.
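
Ulrich's suggestion to check slapcat's exit code and capture its output, applied to the backup script quoted above, as an added example (not code from anyone in this thread). `dump_db`, `backup_all` and the `SLAPCAT` override are hypothetical names; the database numbers and file names follow the quoted script.

```bash
#!/bin/bash
# Added example: only keep a dump when slapcat succeeded and wrote data.
SLAPCAT=${SLAPCAT:-/sbin/slapcat}   # assumption: overridable so the logic can be tested
umask 077                           # dumps can hold password hashes and cAPrivateKey values

# dump_db <db-number> <final-file>
# Dumps into a temp file next to the destination and renames it into place
# only when slapcat exits 0 and the file is non-empty.
dump_db() {
    local db=$1 dest=$2 tmp err rc
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    err=$(mktemp) || { rm -f "$tmp"; return 1; }
    "$SLAPCAT" -n"$db" -l "$tmp" 2>"$err"
    rc=$?
    if [ "$rc" -ne 0 ]; then
        # Report the captured stderr instead of silently moving on.
        echo "slapcat -n$db failed (exit $rc): $(cat "$err")" >&2
        rm -f "$tmp" "$err"
        return "$rc"
    fi
    if [ ! -s "$tmp" ]; then
        echo "slapcat -n$db exited 0 but wrote an empty dump" >&2
        rm -f "$tmp" "$err"
        return 1
    fi
    rm -f "$err"
    mv "$tmp" "$dest"
}

# backup_all <backup-dir>: returns non-zero if any database failed to dump.
backup_all() {
    local dir=$1 name date rc=0
    name=$(hostname)
    date=$(date +%b-%d-%Y)
    dump_db 0 "$dir/$name.config.$date.ldif" || rc=1
    dump_db 2 "$dir/$name.bpk2.$date.ldif" || rc=1
    return "$rc"
}

# Typical call from cron: backup_all /backups || exit 1
```

A failed or empty dump never reaches the backup directory under its final name, so a file present there always comes from a slapcat run that exited 0.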