openldap admin guide and 'slapd from scratch'
Howdy.
I wonder if the LDIF sample example at the end of chapter 5 is correct?
See below:
----
1. # example config file - global configuration entry
2. dn: cn=config
3. objectClass: olcGlobal
4. cn: config
5. olcReferral: ldap://root.openldap.org
6.
Line 1 is a comment. Lines 2-4 identify this as the global configuration entry. The olcReferral: directive on line 5 means that queries not local to one of the databases defined below will be referred to the LDAP server running on the standard port (389) at the host root.openldap.org. Line 6 is a blank line, indicating the end of this entry.
7. # internal schema
8. dn: cn=schema,cn=config
9. objectClass: olcSchemaConfig
10. cn: schema
11.
Line 7 is a comment. Lines 8-10 identify this as the root of the schema subtree. The actual schema definitions in this entry are hardcoded into slapd so no additional attributes are specified here. Line 11 is a blank line, indicating the end of this entry.
12. # include the core schema
13. include: file:///usr/local/etc/openldap/schema/core.ldif
14.
Line 12 is a comment. Line 13 is an LDIF include directive which accesses the core schema definitions in LDIF format. Line 14 is a blank line.
Next comes the database definitions. The first database is the special frontend database whose settings are applied globally to all the other databases.
15. # global database parameters
16. dn: olcDatabase=frontend,cn=config
17. objectClass: olcDatabaseConfig
18. olcDatabase: frontend
19. olcAccess: to * by * read
20.
Line 15 is a comment. Lines 16-18 identify this entry as the global database entry. Line 19 is a global access control. It applies to all entries (after any applicable database-specific access controls). Line 20 is a blank line.
The next entry defines the config backend.
21. # set a rootpw for the config database so we can bind.
22. # deny access to everyone else.
23. dn: olcDatabase=config,cn=config
24. objectClass: olcDatabaseConfig
25. olcDatabase: config
26. olcRootPW: {SSHA}XKYnrjvGT3wZFQrDD5040US592LxsdLy
27. olcAccess: to * by * none
28.
Lines 21-22 are comments. Lines 23-25 identify this entry as the config database entry. Line 26 defines the super-user password for this database. (The DN defaults to "cn=config".) Line 27 denies all access to this database, so only the super-user will be able to access it. (This is already the default access on the config database. It is just listed here for illustration, and to reiterate that unless a means to authenticate as the super-user is explicitly configured, the config database will be inaccessible.)
-----
The trouble I had is regarding the olcDatabase=frontend and olcDatabase=config stanzas.
slapadd could do its work but the layout in cn=config/ would look like this afterwards:
-----
olcDatabase=frontend.ldif
olcDatabase=config.ldif
olcDatabase=hdb.ldif
-----
And as soon as slapd started an extraneous ghostly olcDatabase={-1}frontend.ldif would show up.
I had to instantiate the frontend and config like this.
---
dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {-1}frontend
---
and
----
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
----
Which works for me.
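
A pre-load check for the naming issue reported in this message, as an added example that is not part of the original post or of OpenLDAP: it scans a cn=config LDIF for olcDatabase entries whose RDN lacks the {N} ordering prefix, or whose olcDatabase attribute does not repeat the RDN value the way the working stanzas above do. The function names and the sample input are assumptions made for illustration, and LDIF line folding is not handled.

```python
import re

# Constructed sample: one stanza as the guide shows it, one half-corrected.
SAMPLE_LDIF = """\
dn: olcDatabase=frontend,cn=config
objectClass: olcDatabaseConfig
olcDatabase: frontend

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
"""

# Indexes the post ended up using for the two special databases.
FIXED_INDEX = {"frontend": -1, "config": 0}
RDN = re.compile(r"^olcDatabase=(\{(-?\d+)\})?([^,]+),cn=config$", re.I)

def parse_entries(text):
    """Split LDIF into entries (blank-line separated), skipping comments."""
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            yield attrs

def check_database_naming(text):
    """Return (dn, problem) tuples for olcDatabase entries with naming issues."""
    findings = []
    for e in parse_entries(text):
        dn = e["dn"][0]
        m = RDN.match(dn)
        if not m:
            continue  # not a database entry (e.g. cn=schema,cn=config)
        prefix, index, name = m.group(1), m.group(2), m.group(3)
        if prefix is None:
            want = FIXED_INDEX.get(name.lower())
            hint = f"use {{{want}}}{name}" if want is not None else "add {N} prefix"
            findings.append((dn, f"missing ordering prefix; {hint}"))
        elif name.lower() in FIXED_INDEX and int(index) != FIXED_INDEX[name.lower()]:
            findings.append((dn, f"unexpected index {index} for {name}"))
        if (prefix or "") + name not in e.get("olcdatabase", []):
            findings.append((dn, "olcDatabase attribute does not match RDN"))
    return findings
```

Running `check_database_naming` over the LDIF before handing it to slapadd surfaces the unprefixed frontend and config stanzas before any files are written under cn=config/.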