[Date Prev][Date Next]
Re: On removing a duplicated ppolicy overlay
- To: Daniel Howard <firstname.lastname@example.org>, email@example.com
- Subject: Re: On removing a duplicated ppolicy overlay
- From: Quanah Gibson-Mount <firstname.lastname@example.org>
- Date: Tue, 27 Nov 2018 15:17:07 -0800
- Content-disposition: inline
- In-reply-to: <CAKU=tE9PiQ29n7_dLVES=MnE6tPADqynX+LpO5dA=SB783V1Wg@mail.gmail.com>
- References: <CAKU=tE9PiQ29n7_dLVES=MnE6tPADqynX+LpO5dA=SB783V1Wg@mail.gmail.com>
--On Tuesday, November 27, 2018 2:22 PM -0800 Daniel Howard
While you are asked to configure stuff using an LDAP command that cannot
delete duplicate policy overlays, the config data doesn't get written
into the database, but just placed in plain-text files in a directory
structure. Removing duplicated overlays is as simple as stop slapd,
remove the files, start slapd. Similarly, you could tweak your ppolicy
overlay or possibly even bootstrap new servers by merely editing the
right config files in the right place.
Don't do that.
I had been yearning for a config file, and it turns out I had them all
It's a database, not configuration files. Removing files from underneath a
database is generally not a good idea, although YMMV.
I am sharing my experience here, for the next person who finds themselves
googling around, trying to figure out how to remove or tweak a config in
OpenLDAP. It is nowhere near as complicated as what I had read.
This is the wrong advice. It is also fairly trivial to do what you avoided.
a) slapcat -n 0 -l /tmp/config.ldif
b) Remove the duplicate entries from /tmp/config.ldif
c) mv /path/to/current/config /path/to/current/config.old;mkdir -p
d) slapadd -n 0 -l /tmp/config.ldif
Packaged, certified, and supported LDAP solutions powered by OpenLDAP: