Hi;
After about 150 hours of researching LDAP/OpenLDAP, I have finally come to the realization, among many others, that I need to build a slapd.d configuration file, not a slapd.conf configuration file. There are differences, but the documentation I've read thus far unfortunately clouds the issues. I have the following questions:
* Does someone out there in OpenLDAP-land have a slapd.d conf file they could share? That would help me more than the rest of these questions.
* Do I want to include LDIF schema files, or SCHEMA schema files, or both?
* Which format do I use below: A or B?
A) include /usr/share/openldap/schema/core.schema
B) olcInclude /usr/share/openldap/schema/core.schema
Or is *this* correct?
C) include: file:///usr/local/etc/openldap/schema/core.ldif
* What is the difference between the attributeTypes/objectClasses in the *.schema files and the olcAttributeTypes/olcObjectClasses in the *.ldif files? What was the point in renaming them? To cut down on confusion? (I dare say it didn't.)
* Do I still need an ldap.conf file?
* Are the following still correct?
pidfile /var/run/ldap/slapd.pid
argsfile /var/run/ldap/slapd.args
modulepath /usr/lib/openldap
pam_ldap
sasl-host ldap.2012.vi
TLSRandFile /dev/random
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /etc/ssl/openldap/ldap.pem
TLSCertificateKeyFile /etc/ssl/openldap/ldap.pem
TLSCACertificatePath /etc/ssl/openldap/
TLSCACertificateFile /etc/ssl/cacert.pem
TLSCACertificateFile /etc/ssl/openldap/ldap.pem
TLSVerifyClient demand # ([never]|allow|try|demand)
loglevel 256
database bdb
suffix "dc=2012,dc=vi"
rootdn "cn=admin,dc=2012,dc=vi"
directory /var/lib/ldap
index objectClass eq,pres
access: to dn.base="/var/lib/ldap" by root read
database monitor
Pulling my hair out,
Ted
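As an added example, not code from the post or from the OpenLDAP project: a small Python converter that maps the global and database directives quoted above onto their cn=config (olc*) attribute names, shows that schema is loaded as LDIF under cn=schema,cn=config rather than through any olcInclude, and runs a defender's check over the TLS lines. The real conversion is done by slaptest -f slapd.conf -F slapd.d; the mapping table here is limited to the directives in the post, and the sample input is constructed.

```python
import re

# slapd.conf directive -> cn=config attribute (globals go on "dn: cn=config", database ones on olcDatabase={n})
GLOBAL = {"pidfile": "olcPidFile", "argsfile": "olcArgsFile", "loglevel": "olcLogLevel"}
GLOBAL.update({k: "olc" + k for k in ("TLSRandFile", "TLSCipherSuite", "TLSCertificateFile",
    "TLSCertificateKeyFile", "TLSCACertificatePath", "TLSCACertificateFile", "TLSVerifyClient")})
DATABASE = {"suffix": "olcSuffix", "rootdn": "olcRootDN", "directory": "olcDbDirectory",
            "index": "olcDbIndex", "access": "olcAccess"}
BACKEND = {"bdb": "olcBdbConfig", "hdb": "olcHdbConfig", "mdb": "olcMdbConfig", "monitor": "olcMonitorConfig"}

def convert(conf):
    """Return cn=config LDIF for the slapd.conf directives mapped above."""
    glob, dbs = [], []
    for line in filter(None, (r.split("#", 1)[0].strip() for r in conf.splitlines())):  # skip comments/blanks
        key, _, val = line.partition(" ")
        val = val.strip().strip('"')                          # slapd.conf quotes are delimiters, not data
        if key == "include":                                  # schema is loaded as LDIF; there is no olcInclude
            glob.append("# ldapadd " + re.sub(r"\.schema$", ".ldif", val) + " under cn=schema,cn=config")
        elif key == "database":                               # {0} is cn=config itself, backends start at {1}
            dbs.append((val, []))
        elif key in GLOBAL:
            glob.append(f"{GLOBAL[key]}: {val}")
        elif key in DATABASE and dbs:
            if key == "access":                               # olcAccess is ordered, so it carries an {n} prefix
                val = "{%d}%s" % (sum(a.startswith("olcAccess") for a in dbs[-1][1]), val)
            dbs[-1][1].append(f"{DATABASE[key]}: {val}")
        else:
            raise ValueError(f"unsupported or malformed directive: {line!r}")
    out = ["dn: cn=config", "objectClass: olcGlobal", "cn: config", *glob, ""]
    for n, (backend, attrs) in enumerate(dbs, 1):
        out += [f"dn: olcDatabase={{{n}}}{backend},cn=config", "objectClass: olcDatabaseConfig",
                f"objectClass: {BACKEND[backend]}", f"olcDatabase: {{{n}}}{backend}", *attrs, ""]
    return "\n".join(out)

def weak_tls(conf):  # defender check; accepts either slapd.conf or the generated LDIF
    findings = []
    if re.search(r"^(olc)?TLSCipherSuite:?\s+\S*(?<![!-])SSLv[23]", conf, re.M):
        findings.append("cipher suite keeps SSLv2/SSLv3 ciphers enabled ('+' reorders, '!' removes)")
    if not re.search(r"^(olc)?TLSVerifyClient:?\s+demand\b", conf, re.M):
        findings.append("client certificate verification is not 'demand'")
    return findings

SAMPLE = """include /usr/share/openldap/schema/core.schema
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSVerifyClient demand # ([never]|allow|try|demand)
database bdb
suffix "dc=2012,dc=vi"
access to attrs=userPassword by self write by anonymous auth by * none
database monitor
"""  # constructed sample, adapted from the post above
```

Running `print(convert(SAMPLE))` shows the three entries (cn=config, olcDatabase={1}bdb, olcDatabase={2}monitor); `weak_tls(SAMPLE)` flags the `+SSLv2` cipher string because `+` only reorders ciphers while `!` removes them.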