[Date Prev][Date Next] [Chronological] [Thread] [Top]

Slapd.d Config File

After about 150 hours of researching LDAP/OpenLDAP, I have finally come to the realization, among many others, that I need to build a slapd.d configuration file, not a slapd.conf configuration file. There are differences, but the documentation I've read thus far unfortunately clouds the issues. I have the following questions:

* Does someone out there in OpenLDAP-land have a slapd.d conf file they could share? That would help me more than the rest of these questions.
* Do I want to include LDIF schema files, or SCHEMA schema files, or both?
* Which format do I use below: A or B?
        A) include    /usr/share/openldap/schema/core.schema
        B) olcInclude    /usr/share/openldap/schema/core.schema
   Or is *this* correct?
        C) include: file:///usr/local/etc/openldap/schema/core.ldif
* What is the difference between the attributeTypes/objectClasses in the *.schema files and the olcAttributeTypes/olcObjectClasses in the *.ldif files? What was the point in renaming them? To cut down on confusion? (I dare say it didn't.)
* Do I still need an ldap.conf file?
* Are the following still correct?
        pidfile        /var/run/ldap/slapd.pid
        argsfile    /var/run/ldap/slapd.args
        modulepath    /usr/lib/openldap
        sasl-host ldap.2012.vi
        TLSRandFile            /dev/random
        TLSCipherSuite         HIGH:MEDIUM:+SSLv2
        TLSCertificateFile      /etc/ssl/openldap/ldap.pem
        TLSCertificateKeyFile   /etc/ssl/openldap/ldap.pem
        TLSCACertificatePath   /etc/ssl/openldap/
        TLSCACertificateFile    /etc/ssl/cacert.pem
        TLSCACertificateFile    /etc/ssl/openldap/ldap.pem
        TLSVerifyClient demand # ([never]|allow|try|demand)
        loglevel 256
        database        bdb
        suffix        "dc=2012,dc=vi"
        rootdn        "cn=admin,dc=2012,dc=vi"
        directory    /var/lib/ldap
        index        objectClass                        eq,pres
        access: to dn.base="/var/lib/ldap" by root read
        database monitor

Pulling my hair out,