[Pkg-openldap-devel] OpenLDAP and cn=config.

Matthijs Mohlmann matthijs at cacholong.nl
Mon Jun 2 21:58:11 UTC 2008


Hi,

Mathias: I saw that you wrote the initial draft for Ubuntu, probably you
have some suggestions here, so please go ahead. :)

Migrating from the current slapd.conf to cn=config requires some steps.
I've seen the following that needs to be done:

- Stop slapd
- Add 'database config' to the slapd.conf
  Add 'rootdn cn=admin,cn=config'
  Eventually: Add 'rootpw somesecret'

- Create the slapd.d directory in /etc/ldap
- Set the appropriate permissions as slapd wants to read / write there.
- Convert the database with slaptest -f /etc/ldap/slapd.conf -F slapd.d
- Move the current slapd.conf to a backup file.
- Start slapd again.

Questions:
Should we ask the user what he wants? I think the user needs a choice:
does he want to use the cn=config feature or not?

Should we create a backup first (databases and configuration)? Yes, I
think so.

We need a fallback when the conversion to cn=config fails somehow. So
falling back to the old behaviour with slapd.conf instead of cn=config
is a good idea I think.

I don't like the idea of adding 'rootpw somesecret' to the slapd.conf,
maybe there is another way to set it. Quanah / Russ, can you comment on
this?

Quanah, are you using cn=config already and, if so, are there specific
things we need to know for such a conversion? I don't have experience
with cn=config at this moment.

Please comment.

Regards,

Matthijs Mohlmann
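
The migration steps listed in the message above, as an added example that is not part of the original mail or of the Debian packaging: a shell function that converts into a staging directory, keeps the converted files owner-only, and leaves slapd.conf in place if anything fails. The function name, the SLAPTEST and SLAPD_OWNER variables and the .bak suffix are assumptions; stopping and starting slapd is left to the caller.

```shell
#!/bin/sh
# Added example: convert slapd.conf to cn=config with a fallback path.
# Hypothetical names: migrate_to_cn_config, SLAPTEST, SLAPD_OWNER, ".bak".
SLAPTEST="${SLAPTEST:-slaptest}"

# Usage: migrate_to_cn_config /etc/ldap/slapd.conf /etc/ldap/slapd.d
# Run with slapd stopped; start it again afterwards whatever the result.
# Returns 0 after a successful switch, 1 when slapd.conf was left in place.
migrate_to_cn_config() {
    conf=$1
    confdir=$2
    if [ ! -r "$conf" ] || [ -e "$confdir" ]; then
        echo "need a readable $conf and no existing $confdir" >&2
        return 1
    fi
    # The steps above add 'database config' first; refuse to convert without it.
    if ! grep -Eq '^database[[:space:]]+config' "$conf"; then
        echo "no 'database config' section in $conf" >&2
        return 1
    fi
    # Convert into a private staging directory (mktemp -d creates it 0700) so
    # a failed run leaves nothing behind and slapd.conf stays authoritative.
    stage=$(mktemp -d "$confdir.XXXXXX") || return 1
    # umask 077: converted files can carry rootpw, keep them owner-only.
    if ! (umask 077; "$SLAPTEST" -f "$conf" -F "$stage"); then
        rm -rf "$stage"
        echo "conversion failed, keeping $conf" >&2
        return 1
    fi
    # slapd must read and write here; SLAPD_OWNER (user:group) is optional.
    if [ -n "${SLAPD_OWNER:-}" ] && ! chown -R "$SLAPD_OWNER" "$stage"; then
        rm -rf "$stage"
        return 1
    fi
    chmod 0750 "$stage"
    # Switch over: publish the directory, then move slapd.conf to a backup.
    if mv "$stage" "$confdir" && mv "$conf" "$conf.bak"; then
        return 0
    fi
    rm -rf "$stage" "$confdir"
    echo "switch-over failed, keeping $conf" >&2
    return 1
}
```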