(Downvote me for this question if you must. But I've been googling this and trying to follow tutorials for 2+ days now. I'll take the downvotes if it means hopefully getting this solved.)

I'm struggling with the basics of OpenLDAP on a CentOS Linux VM. I need to make some changes to the file olcDatabase={2}hdb.ldif.

The tutorials I've been trying to follow all say that I should not edit this file directly in a text editor, but I should use a command prompt.

My question is: Why?

All of the tutorials and videos I've seen assume I know things which I do not know, and I'm really growing frustrated with just trying to make a few VERY SIMPLE edits to this file using the command prompt.

What big, terrible thing would happen if I just open the file in the built-in CentOS text editor and make the changes directly there?

Casey Crookston

1 Answer

OpenLDAP docs are terrible...

There are two reasons why you shouldn't do it:

  • The config is meant to be changeable in the running system if you do it the proper way, with no restart necessary. If you change the files directly, this no longer works - you need to stop slapd, change the file and then restart it. I am not sure OpenLDAP would pick up changes when you do it while it is running, and worse, it might overwrite them if it thinks it needs to write out the file again for whatever reason.

  • The LDIF file contains metadata that gets updated by OpenLDAP, e.g. change times, checksums etc. Having this not correct might lead to hard to diagnose issues if things go wrong. It is usually a good idea to avoid the potential for this.

In practice, I made manual changes once or twice (with restart) and didn't run into problems, but I would not recommend this. If you think writing LDIF files with change operations is too bothersome (I do!), just use a graphical client, e.g. Apache Directory Studio (which is Eclipse-based and a "bit" on the heavy side but works nicely anyway).

Sven
  • Thank you! Can I pick your brain a little about Apache Directory Studio? I have it installed on this VM. But the files in question, when I navigate to them in the file system, require a password to get to, and a password to open. Apache Directory Studio won't let me open them. I get a "Permission Denied" error. How do I work around that? (I can post another question, if that would be better) – Casey Crookston Sep 04 '19 at 15:09
  • Another question (with more details about what you try) would be better. – Sven Sep 04 '19 at 15:10
  • Done! Posted here: https://serverfault.com/questions/981882/trying-to-use-apache-directory-studio-to-edit-ldif-file-results-in-permission-d – Casey Crookston Sep 04 '19 at 15:24
  • Sven, I posted a new question on the same topic: https://serverfault.com/questions/982021/ldapmodify-not-working-doesnt-change-the-file-content – Casey Crookston Sep 05 '19 at 13:33
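
The checksum mentioned in the answer, shown as an added example (not part of the original question or answer): each file under slapd.d starts with a two-line comment header whose second line records a CRC32 of everything after the header, so a hand edit leaves that value stale. The sample LDIF content and the function names below are constructed for illustration.

```python
import re
import zlib

# Constructed sample body in the layout slapd writes under slapd.d (not a real config).
BODY = (
    b"dn: olcDatabase={2}hdb\n"
    b"objectClass: olcDatabaseConfig\n"
    b"objectClass: olcHdbConfig\n"
    b"olcDatabase: {2}hdb\n"
    b"olcDbDirectory: /var/lib/ldap\n"
    b"olcSuffix: dc=my-domain,dc=com\n"
    b"modifyTimestamp: 20190904150000Z\n"
)


def with_header(body: bytes) -> bytes:
    """Prefix body with the two comment lines found at the top of slapd.d files."""
    crc = zlib.crc32(body) & 0xFFFFFFFF
    header = b"# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.\n"
    return header + b"# CRC32 %08x\n" % crc + body


def check_crc(data: bytes):
    """Return (recorded, computed) CRC32 for a slapd.d-style LDIF file."""
    parts = data.split(b"\n", 2)  # header line 1, header line 2, rest of file
    match = re.match(rb"# CRC32 ([0-9a-fA-F]{8})\s*$", parts[1]) if len(parts) == 3 else None
    if match is None:
        raise ValueError("no CRC32 header on line 2")
    recorded = int(match.group(1), 16)
    computed = zlib.crc32(parts[2]) & 0xFFFFFFFF
    return recorded, computed


def is_untouched(data: bytes) -> bool:
    """True when the body still matches the checksum recorded in the header."""
    recorded, computed = check_crc(data)
    return recorded == computed


if __name__ == "__main__":
    original = with_header(BODY)
    # Simulate opening the file in a text editor and changing one value.
    hand_edited = original.replace(b"dc=my-domain,dc=com", b"dc=example,dc=com")
    for label, blob in (("original", original), ("hand-edited", hand_edited)):
        recorded, computed = check_crc(blob)
        state = "ok" if recorded == computed else "MISMATCH"
        print(f"{label}: recorded={recorded:08x} computed={computed:08x} {state}")
```

To check a real file, read it in binary mode and pass the bytes to `is_untouched`; a `False` result means the body was changed without going through slapd.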