Hi;

After about 150 hours of researching LDAP/OpenLDAP, I have finally come to the realization, among many others, that I need to build a slapd.d configuration file, not a slapd.conf configuration file. There are differences, but the documentation I've read thus far unfortunately clouds the issues.

I have the following questions:

* Does someone out there in OpenLDAP-land have a slapd.d conf file they could share? That would help me more than the rest of these questions.

* Do I want to include LDIF schema files, or SCHEMA schema files, or both?

* Which format do I use below: A or B?

    A) include /usr/share/openldap/schema/core.schema
    B) olcInclude /usr/share/openldap/schema/core.schema

  Or is *this* correct?

    C) include: file:///usr/local/etc/openldap/schema/core.ldif

* What is the difference between the attributeTypes/objectClasses in the *.schema files and the olcAttributeTypes/olcObjectClasses in the *.ldif files? What was the point in renaming them? To cut down on confusion? (I dare say it didn't.)

* Do I still need an ldap.conf file?

* Are the following still correct?

    pidfile /var/run/ldap/slapd.pid
    argsfile /var/run/ldap/slapd.args
    modulepath /usr/lib/openldap
    pam_ldap
    sasl-host ldap.2012.vi
    TLSRandFile /dev/random
    TLSCipherSuite HIGH:MEDIUM:+SSLv2
    TLSCertificateFile /etc/ssl/openldap/ldap.pem
    TLSCertificateKeyFile /etc/ssl/openldap/ldap.pem
    TLSCACertificatePath /etc/ssl/openldap/
    TLSCACertificateFile /etc/ssl/cacert.pem
    TLSCACertificateFile /etc/ssl/openldap/ldap.pem
    TLSVerifyClient demand # ([never]|allow|try|demand)
    loglevel 256
    database bdb
    suffix "dc=2012,dc=vi"
    rootdn "cn=admin,dc=2012,dc=vi"
    directory /var/lib/ldap
    index objectClass eq,pres
    access: to dn.base="/var/lib/ldap" by root read
    database monitor

Pulling my hair out,
Ted