Re: removing ppolicy overlay

2018-06-01 Thread Daniel Howard 
On Thu, Apr 19, 2018 at 5:12 AM, Frank Swasey  wrote:
>
> For future reference here's the procedure that I've worked up:
>
> shutdown slapd on all MMR members
> slapcat the database
> edit the database to remove all "pwd*" attributes and all entries that are
> pwd* objectClass
> edit the slapd.conf file (if you are using slapd.d you are on your own)
> replace the database (delete, and slapadd)
> Empty the accesslog database if you are using that
> start slapd
>
> Copy your edited database to the rest of your servers and use the tried
> and true "nuke & repave" process to delete the existing database, edit the
> config, slapadd the edited database


​Frank,

Thank you for outlining this process​. Does anyone have a preferred "hand
holding" walkthrough they could recommend for this type of procedure, for
those of us who are not as confident in our OpenLDAP prowess?

​Cheers,
-danny​


-- 
http://dannyman.toldme.com

Re: removing ppolicy overlay

2018-04-24 Thread Quanah Gibson-Mount 
--On Thursday, April 19, 2018 1:12 PM + Frank Swasey 
 wrote:



edit the slapd.conf file (if you are using slapd.d you are on your own)


It's not that different for slapd.d.  You'd want to slapcat it, remove the 
ppolicy overlay bits, and slapadd it back in. ;)


--Quanah



--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:

Re: removing ppolicy overlay

2018-04-19 Thread Frank Swasey 
The lack of responses indicates that people either do not use ppolicy or once 
used, they never remove it.

For future reference here's the procedure that I've worked up:

shutdown slapd on all MMR members
slapcat the database
edit the database to remove all "pwd*" attributes and all entries that are pwd* 
objectClass
edit the slapd.conf file (if you are using slapd.d you are on your own)
replace the database (delete, and slapadd)
Empty the accesslog database if you are using that
start slapd

Copy your edited database to the rest of your servers and use the tried and 
true "nuke & repave" process to delete the existing database, edit the config, 
slapadd the edited database

 - Frank

> On Apr 16, 2018, at 11:09, Frank Swasey  wrote:
> 
> Is there a recommended way to discontinue the use of the ppolicy overlay?  
> 
> The only way I've found that works is to stop the ldap server and using 
> slapcat/edit/slapadd eradicate all the ppolicy attributes (combined with 
> removing the ppolicy overlay and schema from the slapd.conf file).
> 
> I'm attempting this on RHEL7 with OpenLDAP 2.4.46 (local built).
> 
> Thanks,
>  - Frank



smime.p7s
Description: S/MIME cryptographic signature

removing ppolicy overlay

2018-04-16 Thread Frank Swasey 
Is there a recommended way to discontinue the use of the ppolicy overlay?  

The only way I've found that works is to stop the ldap server and using 
slapcat/edit/slapadd eradicate all the ppolicy attributes (combined with 
removing the ppolicy overlay and schema from the slapd.conf file).

I'm attempting this on RHEL7 with OpenLDAP 2.4.46 (local built).

Thanks,
  - Frank

smime.p7s
Description: S/MIME cryptographic signature