
Re: creating/populating a database from an LDIF file

Chris Majewski wrote:

Now, my LDIF file looks like the following, multiplied by a factor of
a few hundred. That is, you can think of the following as one entry of
a few hundred entries:

dn: uid=bobj,ou=People,o=cs.foo.edu

You first have to create the record for the container cs.foo.edu, otherwise you can't put anything in it ;) Do it slightly differently to ensure flexibility and avoid trouble later:

dn: dc=cs,dc=foo,dc=edu
objectClass: dcObject
objectClass: organization
objectClass: top
dc: cs
o: cs.foo.edu

Then you have to create the container People:

dn: ou=People,dc=cs,dc=foo,dc=edu
objectClass: top
objectClass: organizationalUnit
ou: people

Similar with Roaming.

mail: bobj@cs.foo.edu
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Bob Jones
uid: bobj
givenname: Bob
sn: Jones
facsimiletelephonenumber: +1 718 555 1234
userpassword: {crypt}
postaladdress: 1 Main Street$Suburbia, NY$USA$12345
roomnumber: 123
homepostaladdress:  234-1234 Pink St$Suburbia, NY$12345
homephone: 718-555-2345
telephonenumber: +1 718 718-555-3456
labeleduri: http://www.cs.foo.edu/~bobj
description: Faculty

Not much to remark about the above. Be sure to include schemas in slapd.conf for the objectclasses and attributes you want.

dn: nsLIProfileName=bobj, ou=Roaming, o=cs.foo.edu
objectclass: top
objectclass: nsLIProfile

This is not a standard Openldap objectclass. Do you have your own schema for it?

nsliprofilename: bobj
owner: uid=bobj,ou=People,o=cs.foo.edu

Does that make sense? Imagine that this file fell from outer space and
landed at my feet (i.e. don't yell at me if it doesn't make sense, but
suggest an alternative.)

My slapd.conf  (the database definitions  section of it, at  any rate)
looks like this:

Don't forget ACLs, later. For now a standard ACL will be assumed.

database ldbm

Use bdb for OpenLDAP 2.1; the later versions need 4.1.25. Other people might advise dbm, not me.

suffix "ou=People,o=cs.foo.edu"
rootdn "cn=Manager,dc=cs,dc=foo,dc=edu"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /var/lib/ldap

This is a RedHat location. If you compile your own, the standard install will want to put it in /usr/local/var/openldap-data, but you can tell the compile to put it in /var/lib/ldap, if you choose. Same with the location for slapd.conf, etc.

# Indices to maintain
#index  objectClass,uid,uidNumber,gidNumber,memberUid   eq
#index  cn,mail,surname,givenname                       eq,subinitial
# Replicas to which we should propagate changes
#replica host=ldap-1.example.com:389 tls=yes
#       bindmethod=sasl saslmech=GSSAPI
#       authcId=host/ldap-master.example.com@EXAMPLE.COM

See that the indexing doesn't gripe. I can never suss the correct parameters for whatever attribute is supposed to get them until I run slapindex and it gripes. You're supposed to be able to see from the respective schema. You don't have to run slapindex to create the initial indexes, starting slapd will also index for you.

That probably doesn't make sense. It's basically the default
slapd.conf that comes with the RedHat9 openldap package, with the
uncommented things written by me, and some stuff I didn't trust
commented out.

This is what happens next:

[root@okocim ldap]# slapadd -v -l userinfo.ldif
slapadd: could not add entry dn="uid=bobj,ou=People,o=cs.foo.edu" (line=17)

Shouldn't happen if you create the containers first.

I'm running my slapd with "-d 1" and I don't see any errors on its

Run at -d256 for now. -d1/-1 is handy for certificate debugging but gives far too much output for normal use.

Like Quanah says, look at the schemas and understand them. Some are built into the slapd binary and can't be changed easily.

Use a tool like GQ (no, use GQ ;) to work with. It'll teach you a lot. Download and compile the source for 1.03alpha or whatever it is now - it's stable enough and very good.


Tony Earnshaw

Do not CC me or your mail will probably be rejected.
I don't like this, either. Blame it on Swen and a slow
Internet connection.

Mail: billy-at-billy.demon.nl
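The failure in the thread ("could not add entry ... (line=17)") comes from slapadd adding entries strictly in file order: a child whose parent has not been added yet is rejected, and an entry outside the database suffix is rejected too (the poster's suffix is ou=People,o=cs.foo.edu, so his Roaming entry can never go in). The checker below is an added example for this thread, not OpenLDAP code; the two LDIF samples are constructed (one mirrors the poster's layout, the other follows the reply's container-first, dc-style advice) and the function names are my own. It reports the problems slapadd would hit and can also reorder a file so parents come first.

```python
"""Check LDIF for the two slapadd failures discussed in the thread:
a child entry before its parent, and an entry outside the suffix.
Added example, not OpenLDAP code; samples below are constructed."""
import re

# Constructed: the poster's layout, leaf entries only, under his
# suffix "ou=People,o=cs.foo.edu". Neither parent is ever added.
BROKEN_LDIF = """\
dn: uid=bobj,ou=People,o=cs.foo.edu
objectclass: inetOrgPerson
cn: Bob Jones
sn: Jones
uid: bobj

dn: nsLIProfileName=bobj, ou=Roaming, o=cs.foo.edu
objectclass: nsLIProfile
nsliprofilename: bobj
"""

# Constructed: the reply's advice, containers first, dc-style naming.
FIXED_LDIF = """\
dn: dc=cs,dc=foo,dc=edu
objectClass: dcObject
objectClass: organization
dc: cs
o: cs.foo.edu

dn: ou=People,dc=cs,dc=foo,dc=edu
objectClass: organizationalUnit
ou: People

dn: ou=Roaming,dc=cs,dc=foo,dc=edu
objectClass: organizationalUnit
ou: Roaming

dn: uid=bobj,ou=People,dc=cs,dc=foo,dc=edu
objectClass: inetOrgPerson
cn: Bob Jones
sn: Jones
uid: bobj

dn: nsLIProfileName=bobj, ou=Roaming, dc=cs,dc=foo,dc=edu
objectClass: nsLIProfile
nsliprofilename: bobj
"""

_RDN_SPLIT = re.compile(r"(?<!\\),")  # split on commas not escaped with '\'


def _unfold(text):
    """Return [(lineno, logical_line)]; LDIF folds long lines onto a
    following line that begins with a single space."""
    out = []
    for n, raw in enumerate(text.splitlines(), 1):
        if raw.startswith(" ") and out:
            ln, prev = out[-1]
            out[-1] = (ln, prev + raw[1:])
        else:
            out.append((n, raw))
    return out


def parse_entries(text):
    """Return [(lineno, dn, [attribute lines])] per entry, in file order."""
    entries, cur = [], None
    for n, line in _unfold(text):
        if line.startswith("#"):
            continue
        if not line.strip():          # blank line ends the entry
            cur = None
            continue
        if line[:3].lower() == "dn:":
            if line[:4].lower() == "dn::":
                raise ValueError(f"line {n}: base64 dn not supported here")
            cur = (n, line[3:].strip(), [])
            entries.append(cur)
        elif cur is not None:
            cur[2].append(line)
    return entries


def normalize_dn(dn):
    """Lower-case types and values, drop whitespace around commas. Good
    enough for the caseIgnore attributes in the thread (dc, ou, uid, cn)."""
    parts = []
    for rdn in _RDN_SPLIT.split(dn):
        t, _, v = rdn.strip().partition("=")
        parts.append(f"{t.strip().lower()}={v.strip().lower()}")
    return ",".join(parts)


def check_order(text, suffix):
    """Return the problems slapadd would hit, in file order; [] if none."""
    nsuffix = normalize_dn(suffix)
    seen, problems = set(), []
    for lineno, dn, _ in parse_entries(text):
        ndn = normalize_dn(dn)
        if ndn != nsuffix and not ndn.endswith("," + nsuffix):
            problems.append(f"line {lineno}: {dn}: outside suffix {suffix}")
        elif ndn != nsuffix and _RDN_SPLIT.split(ndn, 1)[1] not in seen:
            problems.append(f"line {lineno}: {dn}: parent not added yet")
        seen.add(ndn)
    return problems


def reorder_ldif(text):
    """Rewrite the file so every parent precedes its children: a stable
    sort by RDN count suffices because a parent always has fewer RDNs."""
    entries = parse_entries(text)
    entries.sort(key=lambda e: len(_RDN_SPLIT.split(e[1])))
    blocks = ["\n".join([f"dn: {dn}"] + attrs) for _, dn, attrs in entries]
    return "\n\n".join(blocks) + "\n"


if __name__ == "__main__":
    for p in check_order(BROKEN_LDIF, "ou=People,o=cs.foo.edu"):
        print(p)
    print(check_order(FIXED_LDIF, "dc=cs,dc=foo,dc=edu"))
```

Run it before slapadd: it points at the first entry that would fail and at anything that does not belong under the suffix. The reorder is a stable sort by depth, so it never has to understand the schema; it only fixes ordering, and an entry outside the suffix still needs a second database or a different DN.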