2012/11/27 Dan White <[email protected]>:
> On 11/27/12 10:55 -0500, Rob "Bubba" Hines wrote:
>>
>> It's been a while since I touched LDAP, so I'm new to the latest
>> configuration changes. Admittedly, I find it aggravating that I can't
>> simply shut down the LDAP server and modify the configuration, and start
>> it back up.
>>
>> Regardless, my intern stuck the wrong paths in for the TLSCerts, ldap will
>> not start up now ... I need to modify cn=config with the correct paths,
>> but I can't figure out how to get slap* to do it. It hates my ldif, and I
>> just want a simple way to change those three paths. I assume that
>> somewhere in the arcane knowledge that is LDAP, there is a simple
>> solution. But my Google FU has failed me, tho it has served up numerous
>> threads that talk around the problem without providing a solution (or the
>> solution provided was simply 'use slapadd' with no direction on how to
>> 'use slapadd').
>>
>> Here is the latest ldif I've attempted to use (to no avail) with slapadd:
>> dn: cn=config
>> objectClass: olcGlobal
>> cn: config
>> olcTLSCACertificateFile: /etc/ldap/tls/cacert.pem
>> olcTLSCertificateFile: /etc/ldap/tls/slapd.d/slapd_cert.pem
>> olcTLSCertificateKeyFile: /etc/ldap/tls/slapd.d/slapd_key.pem
>>
>> I assume I just don't know how to write a correct LDIF. But I would
>> appreciate any help in modifying cn=config with the server down.
>
>
> The following uses the slapcat/slapadd method to modify your config (in the
> case where slapd is not running). Adjust your paths and permissions
> accordingly:
>
> cd /etc/ldap
> cp -a slapd.d/ /var/backups/slapd.d-pre-tls-change
> mv slapd.d slapd.d.old
> mkdir slapd.d
> chown openldap:openldap slapd.d
> chmod 755 slapd.d
> slapcat -n0 -F /etc/ldap/slapd.d.old/ > /tmp/config-in-portable-format.ldif
> <edit the ldif>
> slapadd -n0 -F /etc/ldap/slapd.d -l /tmp/config-in-portable-format.ldif

Hi,

I wrote a little OpenLDAP init script that provides 'backupconfig' and
'restoreconfig' actions. You can find it here:

http://ltb-project.org/wiki/documentation/openldap-initscript

It can also backup/restore the data.

Hope it helps,

Clément.
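
An added example, not part of either message in this thread: for the `<edit the ldif>` step of the slapcat/slapadd procedure quoted above, this shell function rewrites the three olcTLS* paths inside the cn=config entry of the exported LDIF, drops folded continuation lines of the old values, and appends any of the three attributes the entry lacked. The function names, the awk logic and the sample export are constructed for illustration; the target paths are the ones from the original question.

```shell
# Added example, not from the thread. Rewrites olcTLS* paths in the cn=config
# entry. Usage: fix_tls_paths IN.ldif OUT.ldif CA_FILE CERT_FILE KEY_FILE
fix_tls_paths() {
    awk -v ca="$3" -v cert="$4" -v key="$5" '
    BEGIN {
        new["olctlscacertificatefile"]  = "olcTLSCACertificateFile: " ca
        new["olctlscertificatefile"]    = "olcTLSCertificateFile: " cert
        new["olctlscertificatekeyfile"] = "olcTLSCertificateKeyFile: " key
    }
    function flush_missing(   k) {   # append attributes the entry lacked
        if (in_cfg) for (k in new) if (!(k in done)) print new[k]
        in_cfg = 0
    }
    /^ / { if (!skip) print; next }  # folded continuation line
    { skip = 0 }
    /^$/ { flush_missing(); print; next }
    tolower($0) ~ /^dn: *cn=config$/ { in_cfg = 1 }
    in_cfg {
        name = tolower($0); sub(/:.*/, "", name)
        if (name in new) {           # replace value, drop its folded tail
            if (!(name in done)) print new[name]
            done[name] = 1; skip = 1; next
        }
    }
    { print }
    END { flush_missing() }
    ' "$1" > "$2"
}

# Constructed sample: trimmed export with wrong paths, one folded value,
# and no olcTLSCertificateKeyFile at all.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/in.ldif" <<'EOF'
dn: cn=config
objectClass: olcGlobal
cn: config
olcTLSCACertificateFile: /wrong/path/long/enough/for/slapcat/to/fold/it/onto
 /a/second/line/cacert.pem
olcTLSCertificateFile: /wrong/slapd_cert.pem

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
EOF
    fix_tls_paths "$tmp/in.ldif" "$tmp/out.ldif" /etc/ldap/tls/cacert.pem \
        /etc/ldap/tls/slapd.d/slapd_cert.pem /etc/ldap/tls/slapd.d/slapd_key.pem
    cat "$tmp/out.ldif"; rm -rf "$tmp"
}
```

Calling `demo` prints the rewritten sample; on a real export, point `fix_tls_paths` at the slapcat output and feed the result to the slapadd command from the quoted procedure.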
