Univention Bugzilla – Bug 43515
Enable "database config" for dynamic slapd configuration without restart
Last modified: 2019-02-13 13:27:20 CET
We should add

database config
rootdn "cn=admin,cn=config"
#rootpw SECRET
access to *
    by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
    by * break

to /etc/ldap/slapd.conf to enable the OpenLDAP configdb.

This can be used to configure OpenLDAP on-the-fly, for example changing the debug level without restarting the slapd:

ldapsearch -LLLo ldif-wrap=no -b cn=config -H ldapi:// -Y EXTERNAL -s base olcLogLevel

to read the current debug level.

For editing:

ldapmodify -H ldapi:// -Y EXTERNAL <<__LDIF__
dn: cn=config
changetype: modify
add: olcLogLevel
olcLogLevel: Conns
olcLogLevel: Stats
__LDIF__

To create said config:

#!/bin/sh
UCR='/etc/univention/templates'
CONF='/etc/ldap/slapd.conf'
TMPL="${CONF#/}.d/39configdb"
cat >"$UCR/files/$TMPL" <<__CONF__
database config
rootdn "cn=admin,cn=config
# rootpw SECRET
access to *
    by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
    by * break
__CONF__
printf "Type: subfile\nMultifile: ${CONF#/}\nSubfile: ${TMPL}" >"$UCR/info/openldap-configdb.info"
ucr register openldap-configdb
service slapd restart

(In reply to Philipp Hahn from comment #0)
> To create said config:

Fix missing " in 'rootdn':

#!/bin/sh
UCR='/etc/univention/templates'
CONF='/etc/ldap/slapd.conf'
TMPL="${CONF#/}.d/39configdb"
cat >"$UCR/files/$TMPL" <<__CONF__
database config
rootdn "cn=admin,cn=config"
# rootpw SECRET
access to *
    by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
    by * break
__CONF__
printf "Type: subfile\nMultifile: ${CONF#/}\nSubfile: ${TMPL}" >"$UCR/info/openldap-configdb.info"
ucr register openldap-configdb
service slapd restart
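
Added example (not part of the bug comments or of univention-ldap): a check that the "database config" stanza proposed above grants access only to root over ldapi:// (the peercred identity) and has no active rootpw. The function and sample names, the cn=backup DN and the sample inputs are constructed for illustration; it assumes DNs without spaces.

```shell
# Added example: audit the "database config" stanza of a slapd.conf-style file.
# Exit status: 0 = clean, 1 = findings, 2 = no "database config" stanza.
ROOT_PEER='dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth'

audit_configdb() {  # reads the file named in $1, or stdin
    awk -v peer="$ROOT_PEER" '
    function check(   n, i, w, key) {
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) return      # blank line or comment
        n = split(line, w, /[ \t]+/); key = tolower(w[1])
        if (key == "database") { incfg = (tolower(w[2]) == "config"); seen += incfg; return }
        if (!incfg) return
        if (key == "rootpw") { print "FINDING: rootpw is set, rootdn can bind with a password"; bad = 1 }
        if (key != "access") return
        for (i = 2; i + 2 <= n; i++) {
            gsub(/"/, "", w[i + 1])
            if (w[i] == "by" && w[i + 1] != peer && w[i + 2] ~ /^(manage|write|add|delete|read|search|compare|auth|disclose)$/) {
                print "FINDING: " w[i + 1] " is granted " w[i + 2]; bad = 1
            }
        }
    }
    /^[ \t]/ { line = line " " $0; next }  # leading whitespace continues a line
    { check(); line = $0 }
    END { check(); if (!seen) exit 2; exit bad + 0 }
    ' "$@"
}

sample_page() {  # constructed input: the corrected stanza posted in this bug
cat <<'EOF'
database config
rootdn "cn=admin,cn=config"
# rootpw SECRET
access to *
    by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
    by * break
EOF
}
sample_weak() {  # constructed input: rootpw active, hypothetical extra reader
cat <<'EOF'
database config
rootpw SECRET
access to *
    by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
    by dn.exact="cn=backup,dc=example,dc=org" read
    by * break
database mdb
EOF
}
sample_weak | audit_configdb || echo "audit exit status: $?"
```

On a real system the function would be pointed at the generated file, e.g. audit_configdb /etc/ldap/slapd.conf, after ucr has committed the template.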

Successful build
Package: univention-ldap
Version: 14.0.2-32A~4.3.0.201812141257
Branch: ucs_4.3-0
Scope: errata4.3-3
User: jbremer

c7b449afe9 Bug #43515: Advisory
43d7af4398 Bug #43515: Enabled database config for OLC in openldap
c351e2d5af Bug #43515: Version bump
c18bc61798 Bug #43515: Enabled database config in slapd.conf

I added the file 39configdb in ./management/univention-ldap/conffiles/etc/ldap/slapd.conf.d to configure database config for simple bind and SASL authentication.

f83057b00c Bug #43515: Advisory
f2836dd99a Bug #43515: Merge branch 'jbremer/bug43515' into 4.3-3
9c49170c43 Bug #43515: Cleanup
39175d0176 Bug #43515: Use ldap/hostdn only if it exists

Successful build
Package: univention-ldap
Version: 14.0.2-33A~4.3.0.201812171224
Branch: ucs_4.3-0
Scope: errata4.3-3
User: jbremer

Only use 'ldap/hostdn' if ucr variable ldap/hostdn is already set.

The new template breaks slapd.conf:

ucr commit /etc/ldap/slapd.conf
Multifile: /etc/ldap/slapd.conf
  File "<stdin>", line 8
    if %(ldap/hostdn)s % configRegistry :
       ^
SyntaxError: invalid syntax

afc70856ed | Allow access to cn=config only via LDAPI for now
631f8782fa | Advisory

This is wrong:

grep -r 39configdb *
debian/univention-ldap-client.univention-config-registry:Subfile: etc/ldap/slapd.conf.d/39configdb

This is a template for the slapd -> univention-ldap-server, so add the subfile to debian/univention-ldap-client.univention-config-registry

1381c41143 | moved to univention-ldap-server
d0ddcd5e32 | Advisory
2085a7edf2 | merge to 4.4-0

OK - univention-ldap
OK - yaml
OK - 4.4

<http://errata.software-univention.de/ucs/4.3/426.html>