On Tuesday 11 October 2011 21:18:18 Jeffrey Crawford wrote:
> I have seen in the list archives that using ldapmodify to remove
> cn=config elements while openldap is running is not supported.
>
> However I do need to be able to disable overlays in certain cases
> sometimes (Even if it's for testing). I tried shutting down the server
> and then modifying the cn=config directory area, by renaming the .ldif
> file to ldif.disable. That seems to work but I'm wondering if there
> are other caveats I should be considering when performing actions
> like that.

Making changes to the files in the slapd.d directory manually is a really bad idea. Seems you already found out one reason for that by yourself :).

As slapd doesn't support deleting entries from cn=config during runtime yet, your best bet currently is probably to "slapcat -n0" the config database to a file, remove the entries with your favorite editor (and renumber the remaining entries accordingly), then clean up the slapd.d directory and re-add the configuration using:

    slapadd -n0 -l <your-config.ldif>

Note that the master branch in git contains delete support for cn=config; it will eventually end up in a release as well at some point. The SUSE rpms you can get from download.opensuse.org are also patched with backports of the delete code from git-master. In case you are using openSUSE or SLES you might want to try those.

> One thing I did notice is that it seems like the openldap server goes
> ahead and re-numbers the overlays so there are no gaps. However the
> cn=config filesystem area did NOT renumber the files and the server
> behaved strangely when I tried to ldapmodify the "disabled" config
> back into the running system. (I got an err=32 no such object using
> openldap 2.4.26) Stopping the server again and then renaming the
> extension .disable to .ldif brought everything back to where it was.
> As a side note the ldif I used to create the overlay is the same I
> tried to use in this last step.

Ralf
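
Added example, not part of the original message and not OpenLDAP project code: one way to script the "remove the entry and renumber the remaining entries" step on a `slapcat -n0` dump instead of doing it by hand in an editor. The function name `remove_overlay` and the sample LDIF are constructed for illustration; base64-encoded DNs (`dn::`) are rejected rather than handled.

```python
import re

# Constructed sample in the shape of `slapcat -n0` output (operational attributes omitted).
SAMPLE = """\
dn: olcDatabase={1}hdb,cn=config
objectClass: olcHdbConfig
olcDatabase: {1}hdb

dn: olcOverlay={0}syncprov,olcDatabase={1}hdb,cn=config
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov

dn: olcOverlay={1}memberof,olcDatabase={1}hdb,cn=config
objectClass: olcMemberOf
olcOverlay: {1}memberof

dn: olcOverlay={2}refint,olcDatabase={1}hdb,
 cn=config
objectClass: olcRefintConfig
olcOverlay: {2}refint
"""

def remove_overlay(ldif, target_dn):
    """Drop the overlay entry target_dn (and any children) and close the {N} gap."""
    t = re.match(r"olcOverlay=\{(\d+)\}[^,]*,(.+)$", target_dn, re.I)
    if not t:
        raise ValueError("target is not an olcOverlay={N}... DN")
    gone = int(t.group(1))
    # An overlay RDN that sits directly under the same parent database entry.
    sibling = re.compile(r"((?:^|,)olcOverlay=)\{(\d+)\}([^,]*," + re.escape(t.group(2)) + r")$", re.I)
    out, found = [], False
    for entry in re.split(r"\n{2,}", re.sub(r"\n ", "", ldif).strip()):  # unfold, then split
        lines = entry.split("\n")
        if not lines[0].lower().startswith("dn: "):
            raise ValueError("unsupported entry (base64 DN or comment): " + lines[0])
        dn = lines[0][4:]
        if dn.lower() == target_dn.lower() or dn.lower().endswith("," + target_dn.lower()):
            found = True
            continue
        m = sibling.search(dn)
        if m:
            n = int(m.group(2))
            n = n - 1 if n > gone else n          # only later siblings move down
            lines[0] = "dn: %s%s{%d}%s" % (dn[:m.start()], m.group(1), n, m.group(3))
            if m.start() == 0:                    # the overlay entry itself: fix its RDN attribute
                lines[1:] = [re.sub(r"^(olcOverlay: )\{\d+\}", r"\g<1>{%d}" % n, l, flags=re.I) for l in lines[1:]]
        out.append("\n".join(lines))
    if not found:
        raise ValueError("no entry with DN " + target_dn)
    return "\n\n".join(out) + "\n"
```

Run it on the dump with slapd stopped, review the output, and keep the original dump as a backup before emptying slapd.d and reloading the edited file.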