
Re: Questions on supporting multiple naming contexts in the slapd.conf

On Wednesday 09 November 2005 22:27, Krishna Ganugapati wrote:
> Hello,
> I have some newbie questions on the slapd.conf and support for multiple
> naming contexts/directory partitions
> I want to have two partitions
> 1) dc=marakicorp,dc=com
> 2) cn=subcontainer,dc=marakicorp,dc=com
> Is the following slapd.conf valid
> database        bdb
> suffix          "dc=marakicorp,dc=com"
> rootdn          "cn=Manager,dc=marakicorp,dc=com"
> rootpw          secret
> directory       %LOCALSTATEDIR%/openldap-data
> # Indices to maintain
> index   objectClass     eq
> database        bdb
> suffix          "cn=subcontainer,dc=marakicorp,dc=com"
> rootdn          "cn=Manager,dc=marakicorp,dc=com"
> rootpw          secret
> directory       %LOCALSTATEDIR%/openldap-data
> index           objectClass eq
> Here are my questions
> 0) Can I use the same type of backend (bdb) for both naming contexts?

Yes, but you can't use the same "directory".

> I'm assuming that this is valid.

Your config isn't, use something like:

directory	%LOCALSTATEDIR%/openldap-data/marakicorp
directory	%LOCALSTATEDIR%/openldap-data/subcontainer


directory	%LOCALSTATEDIR%/openldap-data
directory	%LOCALSTATEDIR%/openldap-data/subcontainer

(I assume you have actually replaced %LOCALSTATEDIR% with a real path)

> 1) The second naming context is rooted at an object that is a "logical"
> child of the suffix of the first naming context - is this acceptable to
> do?

Yes, just place the subordinate database first, and use the "subordinate" 
option for it.

> 2) The rootdn (Manager dn) for both naming contexts is a dn which is
> found in the first naming context "cn=Manager,dc=marakicorp,dc=com"

Well, it shouldn't be the first naming context, but yes, it would be 
preferable to have the rootdn in the parent (and the rootdn must be the 

> 3) The database location (directory) is the same for both naming
> contexts - I'm not particular that the same store be used for both
> naming contexts - I'm okay with separate database stores, but would like
> to clarify if this is doable.

It is not. You'll notice slapd won't start up, since it won't be able to open 
the same database a 2nd time.

> 4) I don't expect the second naming context root object
> (cn=Subcontainer,dc=marakicorp,dc=com) be reachable from the first
> naming context, but presumably if there is a referral object in the
> first naming context that "refers" me to the second naming context, I
> would be able to spelunk from the first naming context into the second.

If you order them correctly and use the "subordinate" option, the subordinate 
database should be accessible from the parent.

> Could someone clarify if my assumptions here are accurate?

Why make assumptions when you can get authoritative answers by reading the 
documentation? All your questions (except maybe question 0) have answers in 
the documentation ...

For example, see the section on "subordinate" in the slapd.conf man page 
(which answers questions 1,2,4), and the "directory" section of the slapd-bdb 
man page (which answers question 3).


Buchan Milne
ISP Systems Specialist

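A small check for the points made in the reply above (a separate `directory` per database, the subordinate database listed first, the `subordinate` keyword present), as an added example that is not part of the original message. The function names and problem labels are hypothetical, the parser ignores continuation lines and escaped commas in DNs, and both sample configs are constructed from the thread.

```python
import shlex

def parse_databases(conf):
    """One dict per 'database' section; continuation lines are not handled."""
    dbs = []
    for raw in conf.splitlines():
        words = shlex.split(raw, comments=True) or [""]
        key, args = words[0].lower(), words[1:]
        if key == "database":
            dbs.append({"suffix": "", "directory": "", "subordinate": False})
        elif dbs and key == "suffix" and args:
            # Simplified DN normalisation: case-fold, trim around commas.
            dbs[-1]["suffix"] = ",".join(p.strip().lower() for p in args[0].split(","))
        elif dbs and key == "directory" and args:
            dbs[-1]["directory"] = args[0]
        elif dbs and key == "subordinate":
            dbs[-1]["subordinate"] = True
    return dbs

def lint(conf):
    """Return (problem, database index) pairs for the rules in the reply."""
    dbs, problems, seen = parse_databases(conf), [], set()
    for i, db in enumerate(dbs):
        if db["directory"] and db["directory"] in seen:
            problems.append(("shared-directory", i))
        seen.add(db["directory"])
    for i, child in enumerate(dbs):
        for j, parent in enumerate(dbs):
            if parent["suffix"] and child["suffix"].endswith("," + parent["suffix"]):
                if not child["subordinate"]:
                    problems.append(("missing-subordinate", i))
                if i > j:
                    problems.append(("subordinate-after-parent", i))
    return problems
# Constructed samples: the question's layout, then the layout the reply suggests.
ORIGINAL = """database bdb
suffix "dc=marakicorp,dc=com"
directory %LOCALSTATEDIR%/openldap-data
database bdb
suffix "cn=subcontainer,dc=marakicorp,dc=com"
directory %LOCALSTATEDIR%/openldap-data"""
CORRECTED = """database bdb
suffix "cn=subcontainer,dc=marakicorp,dc=com"
subordinate
directory %LOCALSTATEDIR%/openldap-data/subcontainer
database bdb
suffix "dc=marakicorp,dc=com"
directory %LOCALSTATEDIR%/openldap-data/marakicorp"""
print(lint(ORIGINAL), lint(CORRECTED))
```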