Discussion:
Removing Overlays Using cn=config
Tim Gustafson
2013-07-31 23:16:51 UTC
Permalink
Hi,

I would like to remove the "auditlog" overlay from one of my databases
on my OpenLDAP server that is running 2.4.35 and is configured via
cn=config.

But, when I try to remove the overlay object, I get:

0x35 (LDAP_UNWILLING_TO_PERFORM)

I Googled around about this, and found some older list messages about
not being able to delete overlays, but most of those messages are
years old and I was wondering if this has changed at all?

If not, what is the "proper" way to remove an overlay?
--
Tim Gustafson
***@ucsc.edu
831-459-5354
Baskin Engineering, Room 313A
Howard Chu
2013-07-31 23:44:55 UTC
Permalink
Post by Tim Gustafson
Hi,
I would like to remove the "auditlog" overlay from one of my databases
on my OpenLDAP server that is running 2.4.35 and is configured via
cn=config.
0x35 (LDAP_UNWILLING_TO_PERFORM)
I Googled around about this, and found some older list messages about
not being able to delete overlays, but most of those messages are
years old and I was wondering if this has changed at all?
cn=config does not support delete operations. This will probably be supported
in OpenLDAP 2.5.
Post by Tim Gustafson
If not, what is the "proper" way to remove an overlay?
slapcat -n0, edit LDIF, remove old configDB and reimport.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Ulrich Windl
2013-08-01 06:18:44 UTC
Permalink
Post by Howard Chu
Post by Tim Gustafson
Hi,
I would like to remove the "auditlog" overlay from one of my databases
on my OpenLDAP server that is running 2.4.35 and is configured via
cn=config.
0x35 (LDAP_UNWILLING_TO_PERFORM)
So actually "UNABLE" would be better than "UNWILLING", as it seems (from what you wrote below) even if slapd wanted to, it could not ;-)
Post by Howard Chu
Post by Tim Gustafson
I Googled around about this, and found some older list messages about
not being able to delete overlays, but most of those messages are
years old and I was wondering if this has changed at all?
cn=config does not support delete operations. This will probably be supported
in OpenLDAP 2.5.
Post by Tim Gustafson
If not, what is the "proper" way to remove an overlay?
slapcat -n0, edit LDIF, remove old configDB and reimport.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Michael Ströder
2013-08-01 06:45:12 UTC
Permalink
Post by Ulrich Windl
Post by Tim Gustafson
Hi,
I would like to remove the "auditlog" overlay from one of my databases
on my OpenLDAP server that is running 2.4.35 and is configured via
cn=config.
0x35 (LDAP_UNWILLING_TO_PERFORM)
So actually "UNABLE" would be better than "UNWILLING", as it seems (from what you wrote below) even if slapd wanted to, it could not ;-)
0x35 (LDAP_UNWILLING_TO_PERFORM) is a LDAP result code and not a free-from log
message.

See also:
http://tools.ietf.org/html/rfc4511#section-4.1.9

Ciao, Michael.

Loading...