[Date Prev][Date Next]
Re: Configuring a relatively simple translucent proxy to override/add group memberships.
On Sat, Oct 22, 2016 at 05:55:40PM -0700, Jeff Wiegley wrote:
Couple of questions to start:
1) Should I be making configuration changes in
/usr/share/slapd/slapd.conf or should I be using the
dynamic config thingy and ldapadd/ldapmodify??
The default for the slapd package in Debian/Ubuntu is dynamic config, as
this is the recommended setup for new installs going forward.
/usr/share/slapd/slapd.conf is a template; if you want to use it, you
should copy it to /etc/ldap/slapd.conf, replace the placeholders with
your own values, and remove the /etc/ldap/slapd.d the package set up (if
both exist, slapd.conf will be ignored in favour of slapd.d).
Please read /usr/share/doc/slapd/README.Debian.gz for some important
notes that are specific to how the Debian/Ubuntu package sets things up
I emphasize "by default" as you are totally free to throw out the
default arrangements and replace them with your own.
Several things I read say use ldapmodify but then
EVERY example about translucent proxies that I can find demonstrate
with slapd.conf. In fact almost
every tutorial I've read is entrenched in slapd.conf.
Updating the documentation to cn=config style is a work in progress. The
contents of config directives are generally the same as for slapd.conf.
For determining the structure of entries under cn=config, and the names
of attribute types, I suggest looking at the system schema contained in
the cn=schema,cn=config entry, where all of the configuration object
classes and attribute types will be found, and at the test cases in the
tests directory in the source, which cover many common setups.
I don't have time right now to look into your second question enough to
give a concrete answer, sorry.
Hope that helps.