[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Configuring a relatively simple translucent proxy to override/add group memberships.

On Sat, Oct 22, 2016 at 05:55:40PM -0700, Jeff Wiegley wrote:
Couple of questions to start:
1) Should I be making configuration changes in /usr/share/slapd/slapd.conf or should I be using the
dynamic config thingy and ldapadd/ldapmodify??

The default for the slapd package in Debian/Ubuntu is dynamic config, as this is the recommended setup for new installs going forward.

/usr/share/slapd/slapd.conf is a template; if you want to use it, you should copy it to /etc/ldap/slapd.conf, replace the placeholders with your own values, and remove the /etc/ldap/slapd.d the package set up (if both exist, slapd.conf will be ignored in favour of slapd.d).

Please read /usr/share/doc/slapd/README.Debian.gz for some important notes that are specific to how the Debian/Ubuntu package sets things up by default.

I emphasize "by default" as you are totally free to throw out the default arrangements and replace them with your own.

Several things I read say use ldapmodify but then
EVERY example about translucent proxies that I can find demonstrate with slapd.conf. In fact almost
every tutorial I've read is entrenched in slapd.conf.

Updating the documentation to cn=config style is a work in progress. The contents of config directives are generally the same as for slapd.conf. For determining the structure of entries under cn=config, and the names of attribute types, I suggest looking at the system schema contained in the cn=schema,cn=config entry, where all of the configuration object classes and attribute types will be found, and at the test cases in the tests directory in the source, which cover many common setups.

I don't have time right now to look into your second question enough to give a concrete answer, sorry.

Hope that helps.