[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Configuring a relatively simple translucent proxy to override/add group memberships.

To: Jeff Wiegley <jeffw@csun.edu>
Subject: Re: Configuring a relatively simple translucent proxy to override/add group memberships.
From: Ryan Tandy <ryan@nardis.ca>
Date: Sun, 23 Oct 2016 18:20:29 -0700
Cc: openldap-technical@openldap.org
Content-disposition: inline
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nardis.ca; s=google; h=date:from:to:cc:subject:message-id:mail-followup-to:references :mime-version:content-disposition:in-reply-to:user-agent; bh=xE3zDVBRk3kSuYF0OR77x51bg1o3+1pWjf+nriF4bqg=; b=wNmDhR+oJwaOzvG6tlTcH+KDEu3c6JdG9QgWZXab86virslNN6cuXT+KG9Sc2Fukqu gdmgfh0q6nKeEgw1JQAanGk2X3doLh1oHo0VkkfZF14lwXTPvd0snbLQROWvggz/hzOC gjuohSjxbB/p1EjflllwWqJjdOL8trlngOoeU=
In-reply-to: <f061f189-faa8-564c-ebee-08d2529a0e51@csun.edu>
Mail-followup-to: Jeff Wiegley <jeffw@csun.edu>, openldap-technical@openldap.org
References: <f061f189-faa8-564c-ebee-08d2529a0e51@csun.edu>
User-agent: Mutt/1.5.23 (2014-03-12)

On Sat, Oct 22, 2016 at 05:55:40PM -0700, Jeff Wiegley wrote:

Couple of questions to start:
1) Should I be making configuration changes in/usr/share/slapd/slapd.conf or should I be using the
dynamic config thingy and ldapadd/ldapmodify??

The default for the slapd package in Debian/Ubuntu is dynamic config, asthis is the recommended setup for new installs going forward.

/usr/share/slapd/slapd.conf is a template; if you want to use it, youshould copy it to /etc/ldap/slapd.conf, replace the placeholders withyour own values, and remove the /etc/ldap/slapd.d the package set up (ifboth exist, slapd.conf will be ignored in favour of slapd.d).

Please read /usr/share/doc/slapd/README.Debian.gz for some importantnotes that are specific to how the Debian/Ubuntu package sets things upby default.

I emphasize "by default" as you are totally free to throw out thedefault arrangements and replace them with your own.

Several things I read say use ldapmodify but then
EVERY example about translucent proxies that I can find demonstratewith slapd.conf. In fact almost
every tutorial I've read is entrenched in slapd.conf.

Updating the documentation to cn=config style is a work in progress. Thecontents of config directives are generally the same as for slapd.conf.For determining the structure of entries under cn=config, and the namesof attribute types, I suggest looking at the system schema contained inthe cn=schema,cn=config entry, where all of the configuration objectclasses and attribute types will be found, and at the test cases in thetests directory in the source, which cover many common setups.

I don't have time right now to look into your second question enough togive a concrete answer, sorry.


Hope that helps.

References:
- Configuring a relatively simple translucent proxy to override/add group memberships.
  - From: Jeff Wiegley <jeffw@csun.edu>

Prev by Date: How do I know proxy cache works or not?
Next by Date: Re: How do I know proxy cache works or not?
Index(es):
- Chronological
- Thread