openldap admin guide and 'slapd from scratch'


I wonder if the LDIF sample example at the end of chapter 5 is correct?
See below:
  1.    # example config file - global configuration entry
  2.    dn: cn=config
  3.    objectClass: olcGlobal
  4.    cn: config
  5.    olcReferral: ldap://root.openldap.org

Line 1 is a comment. Lines 2-4 identify this as the global configuration
entry. The olcReferral: directive on line 5 means that queries not local
to one of databases defined below will be referred to the LDAP server
running on the standard port (389) at the host root.openldap.org. Line 6
is a blank line, indicating the end of this entry.

  7.    # internal schema
  8.    dn: cn=schema,cn=config
  9.    objectClass: olcSchemaConfig
 10.    cn: schema

Line 7 is a comment. Lines 8-10 identify this as the root of the schema
The actual schema definitions in this entry are hardcoded into slapd so
additional attributes are specified here. Line 11 is a blank line,
indicating the end of this entry.

 12.    # include the core schema
 13.    include: file:///usr/local/etc/openldap/schema/core.ldif

Line 12 is a comment. Line 13 is an LDIF include directive which accesses
the core schema definitions in LDIF format. Line 14 is a blank line.

Next comes the database definitions. The first database is the special
database whose settings are applied globally to all the other databases.

 15.    # global database parameters
 16.    dn: olcDatabase=frontend,cn=config
 17.    objectClass: olcDatabaseConfig
 18.    olcDatabase: frontend
 19.    olcAccess: to * by * read

Line 15 is a comment. Lines 16-18 identify this entry as the global
database entry. Line 19 is a global access control. It applies to all
entries (after any database-specific access controls). Line 20 is a
blank line.

The next entry defines the config backend.

 21.    # set a rootpw for the config database so we can bind.
 22.    # deny access to everyone else.
 23.    dn: olcDatabase=config,cn=config
 24.    objectClass: olcDatabaseConfig
 25.    olcDatabase: config
 26.    olcRootPW: {SSHA}XKYnrjvGT3wZFQrDD5040US592LxsdLy
 27.    olcAccess: to * by * none

Lines 21-22 are comments. Lines 23-25 identify this entry as the config
database entry. Line 26 defines the super-user password for this
database. (The DN defaults to "cn=config".) Line 27 denies all access to
this database, so only the
will be able to access it. (This is already the default access on the
database. It is just listed here for illustration, and to reiterate that
unless a means to authenticate as the super-user is explicitly
configured, the database will be inaccessible.)

The trouble I had is regarding the olcDatabase=frontend and
olcDatabase=config stanzas.

slapadd could do its work but the layout in cn=config/
would look like this afterwards:
And as soon as slapd started an extraneous ghostly
olcDatabase={-1}frontend.ldif would show up.

I had to instantiate the frontend and config as this.

dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {-1}frontend

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config

Which works for me.
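
The check below is an added example, not part of the original post or of OpenLDAP. It reads a bootstrap LDIF before it is handed to slapadd and reports frontend and config stanzas that lack the {-1} and {0} prefixes the poster ended up using. The function names and the sample input are assumptions made for illustration.

```python
import re

# Index prefixes of the two built-in databases, as shown in the post.
FIXED_INDEX = {"frontend": -1, "config": 0}
ORDERED = re.compile(r"^(?:\{(-?\d+)\})?(.+)$")  # optional {n} prefix, then name

def parse_ldif(text):
    """Split LDIF text into entries; each entry maps lowercased attr -> first value."""
    entries = []
    for block in re.split(r"\n[ \t]*\n", text.strip()):
        lines = block.replace("\n ", "").splitlines()   # unfold continuation lines
        pairs = [l.partition(":") for l in lines if l and not l.startswith("#")]
        if pairs:
            entries.append({a.strip().lower(): v.strip() for a, _, v in reversed(pairs)})
    return entries

def check_builtin_databases(text):
    """Return (dn, field, expected) for frontend/config names lacking their index."""
    findings = []
    for attrs in parse_ldif(text):
        dn = attrs.get("dn", "")
        rdn = dn.split(",", 1)[0]
        if not rdn.lower().startswith("olcdatabase="):
            continue
        fields = (("dn", rdn.split("=", 1)[1]), ("olcDatabase", attrs.get("olcdatabase", "")))
        for field, value in fields:
            m = ORDERED.match(value)
            want = FIXED_INDEX.get(m.group(2).lower()) if m else None
            if want is not None and m.group(1) != str(want):
                findings.append((dn, field, "{%d}%s" % (want, m.group(2))))
    return findings

# Constructed input: the two stanzas from the guide sample, without index prefixes.
GUIDE_SAMPLE = """\
# global database parameters
dn: olcDatabase=frontend,cn=config
objectClass: olcDatabaseConfig
olcDatabase: frontend

dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
"""

if __name__ == "__main__":
    for dn, field, expected in check_builtin_databases(GUIDE_SAMPLE):
        print("%s: %s should use %s" % (dn, field, expected))
```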