Re: quick-start guide out-of-date

To: Buchan Milne <bgmilne@staff.telkomsa.net>, "Mark J. Reed" <markjreed@gmail.com>

Subject: Re: quick-start guide out-of-date

From: Anders Geffen <anders.geffen@yahoo.com>

Date: Wed, 20 Oct 2010 11:52:38 -0700 (PDT)

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1287600760; bh=aiOkU2V4bKTbVwD2Uhu+wbDd3mO4Fk1PAwpayMpzvCI=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=SZwJaOhyehTeAgo0BXSYWPPO2rTfzGLXQL0lAA0q8lp3uDBwV9qCTBGIvT+sUijogzGbeV/YZ8IjbF2WhoSC/rdHf9Gr9gSv/BzIHqNw/gi2QZ47yoFHowkpcq5m/bRBzEJ84nxFTzosrlnLRZAIbnhhmtVUWkn7dZaMCW6u1DM=

Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=hr/2sptM0XfAKhB6t61/eZh5FYZHb0Em1Jh/QdaJwE5WTYEXR7Ro+hlRw9kDyRqYs9pLRO5t5rU1xCBpnp8wYmpE+ysvjTW82vq1Rj/BLI4WuTjxCwz7Jg14VFlQgvL43kpaHz9nHkwsLW+1zVRUeJ5i8uTQzXF6L/FxTJhDVDM=;

In-reply-to: <AANLkTink5WKKy6Chp+SXg0vep7k7Q39hY1Gi1KoBN8B0@mail.gmail.com>

Thanks Mark, Buchan and Aaron for your responses.

In fact, it was the Fedora-provided package that I installed; it also does not include slapd.conf. Taking Buchan's advice, I removed the Fedora package and built from source (version 2.4.23) and slapd.conf is there.

I'm interested in the consensus answer to your question:

> All of which is bound to leave the beginning openldap admin a tiny bit
> confused. What's considered best practice right now for new
> installs?

It sounds like for now the safest bet is to use slapd.conf - I'll go that route for now I guess.

Thanks,
Anders

--- On Wed, 10/20/10, Mark J. Reed <markjreed@gmail.com> wrote:

From: Mark J. Reed <markjreed@gmail.com>
Subject: Re: quick-start guide out-of-date
To: "Buchan Milne" <bgmilne@staff.telkomsa.net>
Cc: openldap-technical@openldap.org, "Anders Geffen" <anders.geffen@yahoo.com>
Date: Wednesday, October 20, 2010, 5:33 PM

On Wed, Oct 20, 2010 at 7:54 AM, Buchan Milne
<bgmilne@staff.telkomsa.net> wrote:
> Assuming you didn't install from source, consult whoever provided you with
> OpenLDAP without a slapd.conf.

I'm guessing that's Canonical; the slapd package shipped for Ubuntu
has no slapd.conf, just a slapd.d/cn=config tree. Maybe they jumped
the gun a bit, but I've seen lots of (at least unofficial) mentions
that the slapd.conf style is outdated and back-config is the way to
go. Which makes using slapd.conf for a brand new installation feel
unwise. Old-fashioned, at best. I seem to recall reading as much in
the documentation somewhere, too, but I won't swear to it.

However, the new hotness is not, as far as I can tell,
well-documented. Things like slapd-ldap(5)'s CONFIGURATION section
say absolutely nothing about back-config; I had to read the source
code to find the mapping from configuration parameters (like
"acl-authcDN") to LDAP attributes (like "olcDbACLAuthcDN"). So,
currently, it seems the easiest way to create a back-config is to
write a slapd.conf and then convert it with slaptest.

All of which is bound to leave the beginning openldap admin a tiny bit
confused. What's considered best practice right now for new
installs?

--
Mark J. Reed <markjreed@gmail.com>

References:

Re: quick-start guide out-of-date
- From: "Mark J. Reed" <markjreed@gmail.com>