I have 'inherited' an OpenLDAP (CentOS 7) server whose configuration is handled dynamically (using a slapd.d directory and a tree of ldif files).
I used ldapmodify to add an attribute (olcDbCheckpoint) to one of the backends. The change had the expected results, and I can see it with an ldapsearch -D 'cn=config' ... query.
But none of the files in /etc/openldap/slapd.d has been updated and I cannot find any reference to my new attribute in it... The slapcat -b "cn=config" command (which seems to be reading this directory) does not show the parameter either.
The slapd process command does not refer to another directory that would be located elsewhere.
I also checked that the ldap user running the service is owner with write permissions on all of the slapd.d tree.
I thought this directory was maintained by the openldap service and read at the service start? Now I'm afraid the olcDbCheckpoint parameter and others that might have been modified in the past won't survive a restart.
Should the slapd.d directory have been updated, and is there any way to force a dump of the in-memory configuration to slapd.d?
EDIT:
- I have restarted the slapd service, the value is not persisted. I have modified the configuration again, and restarted the service again: still not persisted, and slapd.d still not updated.
- There are in fact 2 mirrored OpenLDAP servers which present the same behaviour. The data backend is synchronized correctly but the configuration backend is not - although it should be according to the configuration. At slapd restart, the initial config sync fails because there is no entryUUID in slapd.d/cn=config/cn=module{0}.ldif (on both servers). I'm starting to think that some config files were edited manually...