
Re: ldif

Dane Foster wrote:
> dn:dc=com is the first entry.
> Fortunately, I've finally figured it out.  OpenLDAP will not allow you to
> manually enter the nodes that make up the root node if you already specified
> it in slapd.conf.  So, in my slapd.conf I have the domain suffix set at
> 'dc=external,dc=equitytg,dc=com' therefore, I cannot manually add an entry
> for dc=com or dc=equitytg or dc=external because OpenLDAP implicitly creates
> them for me, they just don't tell you this in the documentation.

Actually, you cannot enter nodes that are at a higher level than the
"suffix" of a database. If you have a database with 

suffix "dc=level3,dc=level2,dc=level1"

you can add the entry (actually you have to :)

dn: dc=level3,dc=level2,dc=level1

but you cannot add

dn: dc=level1
dn: dc=level2,dc=level1

because slapd wouldn't know where to put them.
Unless you're implementing a root server, if
a request for "dc=level1" arrives, your server should
reject it or return a "referral" to a server that
is supposedly able to handle it (see the referral
stuff in slapd.conf(5) or in the admin guide).

Dr. Pierangelo Masarati               | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale                | fax:   +39 02 2399 8334
Politecnico di Milano                 | mailto:masarati@aero.polimi.it
via La Masa 34, 20156 Milano, Italy   |
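
An added example, not part of the original message: a Python sketch that sorts entry DNs by where they sit relative to a database suffix, using the suffix and DNs from the reply above. The function names, the `ou=People` and `cn=Doe\, Jane` sample entries and the simplified DN parsing are assumptions made for illustration.

```python
# Added example: classify entry DNs against a slapd database suffix.
# Assumption: simplified DN parsing (no multi-valued RDNs, no hex-string values).

def split_dn(dn):
    """Split a DN into normalized (attr, value) RDNs, honouring escaped commas."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # keep the escape pair intact
            i += 2
            continue
        if dn[i] == ",":
            rdns.append("".join(cur))    # unescaped comma ends an RDN
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    rdns.append("".join(cur))
    out = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        out.append((attr.strip().lower(), value.strip().lower()))
    return out

def classify(dn, suffix):
    """Return where dn sits relative to the database suffix."""
    entry, base = split_dn(dn), split_dn(suffix)
    if entry == base:
        return "suffix-entry"    # top entry of the database; has to be added
    if len(entry) > len(base) and entry[-len(base):] == base:
        return "below-suffix"    # stored in this database
    if len(entry) < len(base) and base[-len(entry):] == entry:
        return "above-suffix"    # superior of the suffix; cannot be added here
    return "outside"             # belongs to some other naming context

SUFFIX = "dc=level3,dc=level2,dc=level1"
SAMPLE_DNS = [                   # constructed sample input
    "dc=level3,dc=level2,dc=level1",
    "dc=level1",
    "dc=level2,dc=level1",
    "ou=People, DC=level3,dc=level2,dc=level1",
    "cn=Doe\\, Jane,ou=People,dc=level3,dc=level2,dc=level1",
]

if __name__ == "__main__":
    for dn in SAMPLE_DNS:
        print(f"{classify(dn, SUFFIX):13} {dn}")
```

Running the same check over an LDIF file before `ldapadd` flags entries that lie above or outside the suffix before the server refuses them.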