
Re: On removing a duplicated ppolicy overlay



--On Tuesday, November 27, 2018 2:22 PM -0800 Daniel Howard <dannyman@toldme.com> wrote:

> While you are asked to configure stuff using an LDAP command that cannot
> delete duplicate policy overlays, the config data doesn't get written
> into the database, but just placed in plain-text files in a directory
> structure. Removing duplicated overlays is as simple as stop slapd,
> remove the files, start slapd. Similarly, you could tweak your ppolicy
> overlay or possibly even bootstrap new servers by merely editing the
> right config files in the right place.

Don't do that.

> I had been yearning for a config file, and it turns out I had them all
> along!

It's a database, not configuration files. Removing files from underneath a database is generally not a good idea, although YMMV.

> I am sharing my experience here, for the next person who finds themselves
> googling around, trying to figure out how to remove or tweak a config in
> OpenLDAP. It is nowhere near as complicated as what I had read.

This is the wrong advice.  It is also fairly trivial to do what you avoided.

a) slapcat -n 0 -l /tmp/config.ldif
b) Remove the duplicate entries from /tmp/config.ldif
c) mv /path/to/current/config /path/to/current/config.old;mkdir -p /path/to/current/config
d) slapadd -n 0 -l /tmp/config.ldif

The end.


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
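
One way to carry out step b) of the procedure above without hand-editing, as an added example that is not part of the original message or of OpenLDAP. It assumes the duplicates appear as extra `olcOverlay={N}ppolicy` entries under the same database entry; the sample LDIF and the script name `dedupe.py` are constructed for illustration.

```python
import re
import sys

# Constructed sample shaped like `slapcat -n 0` output (not from the thread).
SAMPLE = """\
dn: cn=config
objectClass: olcGlobal

dn: olcDatabase={1}mdb,cn=config
objectClass: olcMdbConfig
olcDatabase: {1}mdb

dn: olcOverlay={0}ppolicy,olcDatabase={1}mdb,cn=config
objectClass: olcPPolicyConfig
olcOverlay: {0}ppolicy

dn: olcOverlay={1}ppolicy,olcDatabase={1}mdb,cn=co
 nfig
objectClass: olcPPolicyConfig
olcOverlay: {1}ppolicy
"""

OVERLAY_DN = re.compile(r"olcOverlay=\{\d+\}([^,]+),(.+)", re.I)

def entry_dn(entry):
    """Return the DN, rejoining LDIF folded lines (newline + one space)."""
    m = re.search(r"^dn: (.+)$", entry.replace("\n ", ""), re.M)
    return m.group(1) if m else None  # base64 "dn::" entries are left alone

def drop_duplicate_overlays(ldif, overlay="ppolicy"):
    """Keep the first `overlay` entry under each parent, drop later ones.
    Remaining {N} indexes are not renumbered: review the output first."""
    seen, kept, dropped = set(), [], []
    for entry in re.split(r"\n{2,}", ldif.strip()):
        dn = entry_dn(entry)
        m = OVERLAY_DN.fullmatch(dn or "")
        if m and m.group(1).lower() == overlay:
            parent = m.group(2).lower()
            if parent in seen:
                dropped.append(dn)
                continue
            seen.add(parent)
        kept.append(entry)
    return "\n\n".join(kept) + "\n", dropped

if __name__ == "__main__":
    # Usage: python3 dedupe.py < /tmp/config.ldif > /tmp/config.dedup.ldif
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    out, dropped = drop_duplicate_overlays(text)
    sys.stdout.write(out)
    for dn in dropped:
        print("dropped:", dn, file=sys.stderr)
```

Compare the filtered file against `/tmp/config.ldif` before running step d), and keep `config.old` from step c) until slapd has started cleanly.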