[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: nisDomainObject documentation? openldap 2.1.2+



fre, 2003-01-17 kl. 19:37 skrev Yelich, Scott D.:

> 
> What I have found is that it appears that I need to add:
> objectClass: organization
> and later:
> o: myorg
> 
> to each and every entry into ldap.

Nonsense. You  can't, for example, call a person an organization. If you
try to, it won't work.

> This doesn't seem to be documented, 
> but it's strongly hinted at with statements like "perhaps add an
> organization" ... etc.

One defines an organization when there's talk about an o: objectClass.
 
> This is what I'm talking about.  How can one
> easily tell what parts of the schemas as a MUST vs optional, etc.

Howard pointed the following out yesterday. In your Openldap
distribution directory there is a subdirectory doc/rfc. In there, you'll
find most of the history and present practical use of schemas and how to
implement them. As well as how Openldap (and x500) works. Took me about
2 1/2 hours this morning to go through.
.. 
> the quickstart says "-x" .. but ldapadd doesn't have a "-x" and gives
> a usage.  "-v" causes it to core many times.

You asked people to contact you privately by email and I did. One of the
things I said, was that a standard Solaris 8 installation installs its
own libraries, clients, daemons etc. and you'll get conflicts. Use pkgrm
diligently. ldapadd *does* have -x, but you're using the Solaris 8 one,
that doesn't, since that's the default on your box. Since you blindly
went ahead and ignored what others have said, why do you ask?

> If you search the net for "openldap nisDomainObject" -- you'll see
> there's
> no end to the headache, but there's not a single page that doesn't say
> much more than "you need to add an nisDomain" before solaris ldap will
> work.

But you don't *want* to use Solaris ldap. You want to use Openldap.

An other thing I suggested, was get to hold of a Linux machine and
practice on that, first. That way, you'll know what is supposed to
happen.

Best,

Tony

-- 

Tony Earnshaw

When all's said and done ...
there's nothing left to say or do.

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl