Re: Slapd.d Config File
Ted Johnson wrote:
That's supposed to be a directory, not a file.
After about 150 hours of researching LDAP/OpenLDAP, I have finally
come to the realization, among many others, that I need to build a
slapd.d configuration file, not a slapd.conf configuration file.
A slapd.conf is just fine. If you want to use the __new__ cn=config
database, slapd or any other tool can generate it for you starting from
slapd.conf, using simultaneously the -f and the -F switches.
There are differences, but the documentation I've read thus far
unfortunately clouds the issues.
Maybe you didn't use the right documentation?
Try "slapd -f your-slapd.conf -F
I have the following questions:
* Does someone out there in OpenLDAP-land have a slapd.d conf file
they could share?
That would help me more than the rest of these questions.
* Do I want to include LDIF schema files, or SCHEMA schema files, or both?
* Which format do I use below: A or B?
A) include /usr/share/openldap/schema/core.schema
B) olcInclude /usr/share/openldap/schema/core.schema
Or is *this* correct?
C) include: file:///usr/local/etc/openldap/schema/core.ldif
* What is the difference between the attributeTypes/objectClasses in
the *.schema files and the olcAttributeTypes/olcObjectClasses in the
*.ldif files? What was the point in renaming them? To cut down on
confusion? (I dare say it didn't.)
* Do I still need an ldap.conf file?
ldap.conf never had anything to do with slapd, nor does it now (with a
__big__ exception: client-side features of slapd, like
back-ldap/back-meta and slurpd/syncrepl always used and still use
ldap.conf for SSL-related settings; there is work in this area to
pam_ldap has never been a valid slapd.conf directive
* Are the following still correct?
a hash mark ('#') followed by text is interpreted as an argument to the
command that starts the line, not as a comment (as I assume you mean it).
TLSVerifyClient demand # ([never]|allow|try|demand)
No colon (':') after "access" is allowed in the "access" access control
index objectClass eq,pres
access: to dn.base="/var/lib/ldap" by root read
The above seems to be a collection of partially incorrect slapd.conf
statements. Provided you fix what's wrong, it should be fine to
generate the cn=config database following indications above. Note that
you don't have to generate the cn=config database unless you intend to
use it, and I suggest you don't until you understand all the
implications and its general usefulness. From your message, it appears
you didn't understand it yet, and you got the false perception that the
traditional way of configuring slapd is no longer valid, which is
absolutely not true.
Ing. Pierangelo Masarati
OpenLDAP Core Team
Via Dossi, 8 - 27100 Pavia - ITALIA
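
A small lint pass for the three slapd.conf mistakes pointed out in the reply above (text after a '#' on a directive line, a colon after the directive keyword, and pam_ldap), as an added example that is not part of the original message or of OpenLDAP. The function name, rule names and sample file are assumptions, and the colon check is generalized from "access" to any keyword.

```python
import re

# Constructed sample built from the lines quoted in the message above.
SAMPLE = """\
# global section
include /usr/share/openldap/schema/core.schema
TLSVerifyClient demand # ([never]|allow|try|demand)
index objectClass eq,pres
access: to dn.base="/var/lib/ldap" by root read
pam_ldap on
"""

# Named in the reply as never having been a valid slapd.conf directive.
NOT_SLAPD_DIRECTIVES = {"pam_ldap"}


def strip_quoted(text):
    """Blank out double-quoted spans (same length) so a '#' inside quotes is ignored."""
    return re.sub(r'"[^"]*"',
                  lambda m: '"' + "_" * (len(m.group(0)) - 2) + '"', text)


def lint_slapd_conf(text):
    """Return (line number, rule, detail) tuples for a slapd.conf-style text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or whole-line comment
        # A line starting with whitespace continues the previous line,
        # so its first token is an argument, not a directive keyword.
        continuation = line[0] in " \t"
        keyword = line.split()[0]
        if not continuation:
            if keyword.endswith(":"):
                findings.append((lineno, "colon-after-keyword", keyword))
            if keyword.rstrip(":").lower() in NOT_SLAPD_DIRECTIVES:
                findings.append((lineno, "not-a-slapd-directive", keyword))
        # A '#' after the keyword is passed on as an argument, not a comment.
        m = re.search(r"\s#", strip_quoted(line))
        if m:
            findings.append((lineno, "inline-hash-is-argument",
                             line[m.start():].strip()))
    return findings


if __name__ == "__main__":
    for lineno, rule, detail in lint_slapd_conf(SAMPLE):
        print(f"line {lineno}: {rule}: {detail}")
```
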