Posted on Sat, 05/05/2012 - 20:16
When using an OpenLDAP server with the dynamic cn=config backend, you can't change the configuration by just editing a config file and restarting the server. In a dynamic backend the config options are stored in LDIF files in the slapd.d directory. However these LDIF files should never be edited.
To change a specific configuration option, you should use the ldapmodify command.
See for example:
$ ldapmodify -Y EXTERNAL -H ldapi:///
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcDbCheckpoint
olcDbCheckpoint: 100000 30
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcDbCheckpoint
olcDbCheckpoint: 100000 30
When you need to authenticate, the local root password should be used. For all available options in the cn=config backend, see the man-page of slapd-config or use the following command:
ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config | less