[Date Prev][Date Next]
Re: Is there anyone on this list patient with stupid questions?
Thanks for the references, Mark, I think that they will be helpful (I think).
Now, I know no one else has ever done this, but when I had a sample slapd.conf
that applied certain schema, I just copied the applicable lines and did not look
up the appropriate RFCs!!! (Forgive me, Linus, for I have sinned! It has been
three months since my last backup...)
Reading the intro:
"The Requests for Comments (RFC) document series is a set of technical and
organizational notes about the Internet (orginally the ARPANET), beginning in
1969. Memos in the RFC series discuss many aspects of computer networking,
including protocols, procedures, programs, and concepts, as well as meeting
notes, opinions, and sometimes humor." <- Was that suppose to be funny????
> (I'm *not* an LDAP expert; I would admit to some expertise in squeezing
information out of software, acquired through 25 years of banging my head on
various and sundry conceptual walls.)
Put in that context, six weeks of OpenLDAP head-banging seems quite mundane.
> On Mon, 13 Jan 2003, Jonathan Smith wrote:
> > Those words, "with the appropriate domain components," jumped out at me.
> > It still required making an assumption, nevertheless, therein was a
> > possible answer to one of my stupid questions: "dc" means Domain
> > Component. And, the above, gives an example of how one uses domain
> > component (not "direct current" and not "District of Columbia") in a
> > *.ldif file.
> Yup, 'dc' is domainComponent and indicates that the value is part of a DNS
> domain name.
> There *is* a way to track these down, but it is not at all clear to
> newcomers. In an X.500 Directory Information Base, element labels such as
> 'dc' are bound to their semantics and integrity rules by a "schema".
> OpenLDAP stores its schema in a collection of plain text files. You'll
> probably find them in /etc/openldap/schema or perhaps
> /usr/local/share/openldap/schema. (I don't recall whether I forced them
> into /etc or whether the installation process put them there by default.)
> In 'core.schema' I find this:
> # RFC1274 + RFC2247
> attributetype ( 0.9.2342.19200300.100.1.25
> NAME ( 'dc' 'domainComponent' )
> DESC 'RFC1274/2247: domain component'
> EQUALITY caseIgnoreIA5Match
> SUBSTR caseIgnoreIA5SubstringsMatch
> SYNTAX 220.127.116.11.4.1.1418.104.22.168.26 SINGLE-VALUE )
> It's a bit cryptic, but it says that an attribute type exists with the
> names 'dc' and 'domainComponent', described as a "domain component", with
> OID suchandso and obeying the syntax with OID suchandso, obeying certain
> match rules. It also hints that if you read RFC1274 and RFC2247 you will
> find an explanation of just what the heck a domainComponent is and why you
> might use one. (Try http://www.rfc-editor.org/ for access to RFCs.)
> There, wasn't that simple? No, it wasn't. But it works for me.
> I must agree that most of the documentation for LDAP, X.500, etc. is aimed
> at insiders who already know how to think in this space. I'm still
> learning as I dabble. (I'm *not* an LDAP expert; I would admit to some
> expertise in squeezing information out of software, acquired through 25
> years of banging my head on various and sundry conceptual walls.)
> Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu
> MS Windows *is* user-friendly, but only for certain values of "user".