[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Configuring OpenLDAP with a custom schema instead of default schemas

To: Jon Smark <jon.smark@yahoo.com>
Subject: Re: Configuring OpenLDAP with a custom schema instead of default schemas
From: Ryan Tandy <ryan@nardis.ca>
Date: Fri, 14 Jul 2017 18:16:14 -0700
Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Content-disposition: inline
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nardis.ca; s=google; h=date:from:to:cc:subject:message-id:mail-followup-to:references :mime-version:content-disposition:content-transfer-encoding :in-reply-to:user-agent; bh=6Kd3NlT4RDbEsbok6owSq2K/UK/7u+nqBcOzKP2GqVo=; b=SazuF0PvVKKPXthoj0Zmy2NZZU/9cJoiDX3oUT+7SrqcQmnktqNHJDC4IDsf4byX2I EwBtEuKBjwGzXsJkfA47EpHQw+74nl32Je15gbfzM67J6CFaDQuY451RsKFhdBQQ5CSV Pi7ggPVxLMJhrlMhwktmKuHT8kdWuyeeRHuSY=
In-reply-to: <200461253.452162.1500043710085@mail.yahoo.com>
Mail-followup-to: Jon Smark <jon.smark@yahoo.com>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>
References: <200461253.452162.1500043710085.ref@mail.yahoo.com> <200461253.452162.1500043710085@mail.yahoo.com>
User-agent: NeoMutt/20170113 (1.7.2)

On Fri, Jul 14, 2017 at 02:48:30PM +0000, Jon Smark wrote:

Anyway, I have defined a schema file with the custom attributes  
and object classes relevant to my domain.  Starting from a fresh
installation of OpenLDAP 2.4.42 running on Ubuntu 16.04, I want
to configure my Slapd server to *only* consider my schema file and
to ignore all the other schemas it's configured to use by default.

I have to assume you have good reasons for doing that; but please doconsider that most applications out there are written with the existingstandardized schemas in mind, and try to leverage them as much as itmakes sense to.

You do most likely at least want the 'core' schema. Most things assumeit is present.

I thought it would be as simple as removing the old /etc/ldap/slapd.d
and replacing it with the output of slaptest applied to my schema
file.  This doesn't work, unfortunately, because slapd refuses to
start afterwords.

The default configuration defines a bit more than just that. Thetemplate used by the installer is /usr/share/slapd/slapd.init.ldif butthere are some placeholders that the maintainer scripts fill in.

The Debian/Ubuntu init script requires you to define olcPidFile at aminimum, so it can do process tracking. (You didn't explicitly sayyou're invoking the init script; I apologize in advance if I'm assumingincorrectly that you want to use it.)

I'm not completely sure (haven't tested recently) but I think slaptestworks better on a skeleton slapd.conf that just "include"s the relevantschema than it does on the schema file itself.

I apologize if this question seems basic, but I'm stuck on this very
first step and I've been unable to find an up-to-date tutorial on how
to configure a recent OpenLDAP server from scratch (ie, without all
the default schemas).


http://www.openldap.org/doc/admin24/slapdconf2.html

hope this helps,
Ryan

Follow-Ups:
- Re: Configuring OpenLDAP with a custom schema instead of default schemas
  - From: Jon Smark <jon.smark@yahoo.com>

References:
- Configuring OpenLDAP with a custom schema instead of default schemas
  - From: Jon Smark <jon.smark@yahoo.com>

Prev by Date: Re: Configuring OpenLDAP with a custom schema instead of default schemas
Next by Date: Re: Configuring OpenLDAP with a custom schema instead of default schemas
Index(es):
- Chronological
- Thread