
Re: Installation openLDAP in Debian

On Wed, Apr 20, 2011 at 2:53 PM, Howard Chu <hyc@symas.com> wrote:
> Simone Piccardi wrote:
>> On 20/04/2011 17:30, Jose Ildefonso Camargo Tolosa wrote:
>>> Hi!
>>> it no longer uses slapd.conf by default, it uses cn=config.  It is on
>>> /etc/ldap/slapd.d/
>>> Debian will leave you with a working directory (even though not
>>> optimal, but you will be able to use it).
>>> If you can be more specific on what you want to do, just let us know!
>>> If you are used to configuring with slapd.conf, you can actually use
>>> that configuration too, or you can convert your slapd.conf
>>> configuration into cn=config with slaptest (check the docs!).
>>> Ildefonso Camargo
>> That's the way I'm using it. And I suggest to anyone not needing to
>> modify configurations on the fly to use it that way.
>> Because apart from the missing documentation, I found it difficult having to
>> deal with the obscure attribute names and the complex directory
>> structure (and the not so explicative file names used under it) that I
>> found in /etc/ldap/slapd.d/.
>> I understand the needs for cn=config, but for the moment I don't need
>> it. Having a file with a simple syntax that I can read and modify
>> instead of a tree of LDIF files is far more convenient for me. So I hope
>> that slapd.conf will remain supported.
> The tree of files is not meant for you to ever look at or modify directly.
> Just use slapcat or ldapsearch. If you know anything about LDAP at all this
> is MUCH easier than editing flat text files, since you can use any LDAP tool
> (commandline or GUI) to do all the administration.

I don't find it complex to directly modify the files; actually, I find it
easier than having to write an LDIF modification script every time I
need to apply a change! I just go ahead and edit the corresponding
LDIF file in slapd.d.

> If you think the tree structure is confusing, then you obviously have not
> read the Admin Guide, which clearly outlines the structure.

It is not confusing, I actually find it very logical, but it is more
complex than a single file.  But that was discussed long ago on the
list: let's face it, a single plain text file is always simpler than
any more formatted file, and you will always have someone complaining
about it.

Now, if there was a graphical LDAP administration tool that handled
the configuration, there would be a lot of happy people, and writing
that tool (even by creating a template for existing tools) is now
possible thanks to cn=config; it was not that easy with the old slapd.conf.

> http://www.openldap.org/doc/admin24/slapdconf2.html#Configuration%20Layout
> If you don't read the documentation you have only yourself to blame for
> being confused.

Yeah, that page is incomplete when compared to:


The cn=config directives is missing the access control part, that you can get:


Not a big deal, but it took me a while to realize that the
documentation was no longer in the same place as for slapd.conf.

Ildefonso Camargo