Hi LDAPers
[cvs@myhost ~]$ rpm -q openldap-servers openldap-servers-2.3.39-1.fc8 [cvs@myhost ~]$
As far as i have understood, the openldap config is moving towards beeing fully LDAP integrated, i.e. you will change the config using ldapmodify, you will add to the config using ldapadd, you will view the config using ldapsearch.
That created me a problem: i had to add a schema. what i did: i created a new olcInclude object into cn=config. This object, however, was not stable, it got lost at the next slapd restart.
When i consulted this discussion list, i was informed that adding a new olcInclude object is not the correct way to add a new schema. But i was not informed on how the intention is to do it.
I imagine that another way would be to convert the schema from the schema file manually/directly into olcAtttributeTypes, olcObjectClasses, olcObjectIdentifier and insert them into the cn=schema,cn=config. This, however, would be a very error prone action.
Also, the handling of the access rights in the future is far from clear.
When i consulted the openldap docu, i found put me in front of a fait-accompli: that is how it is, help yourself.
could someone shed some light on the evolution process from file-based config into LDAP-based config?
thanks in advance.
suomi
<quote who="openldap">
Hi LDAPers
[cvs@myhost ~]$ rpm -q openldap-servers openldap-servers-2.3.39-1.fc8 [cvs@myhost ~]$
As far as i have understood, the openldap config is moving towards beeing fully LDAP integrated, i.e. you will change the config using ldapmodify, you will add to the config using ldapadd, you will view the config using ldapsearch.
It has moved already. You have a choice of either. slapd.conf is planned to be dropped at some point in the future.
You will be limited with a 2.3 release however (more at http://www.openldap.org/doc/admin24/appendix-changes.html).
That created me a problem: i had to add a schema. what i did: i created a new olcInclude object into cn=config. This object, however, was not stable, it got lost at the next slapd restart.
When i consulted this discussion list, i was informed that adding a new olcInclude object is not the correct way to add a new schema. But i was not informed on how the intention is to do it.
See openldap.ldif and core.ldif in the schema directory of the OpenLDAP source.
I imagine that another way would be to convert the schema from the schema file manually/directly into olcAtttributeTypes, olcObjectClasses, olcObjectIdentifier and insert them into the cn=schema,cn=config. This, however, would be a very error prone action.
It's very easy and doesn't take long honestly.
Also, the handling of the access rights in the future is far from clear.
When i consulted the openldap docu, i found put me in front of a fait-accompli: that is how it is, help yourself.
ACLs? See http://www.openldap.org/doc/admin24/slapdconf2.html#Access%20Control%20Examp...
I will be moving these into a new document section very soon.
could someone shed some light on the evolution process from file-based config into LDAP-based config?
http://www.openldap.org/doc/admin24/slapdconf2.html#Converting%20from%20slap...
Like you've probably been told, "help yourself" to the documentation ;-)
thanks in advance.
suomi
On Friday 07 March 2008 11:46:41 openldap wrote:
Hi LDAPers
[cvs@myhost ~]$ rpm -q openldap-servers openldap-servers-2.3.39-1.fc8 [cvs@myhost ~]$
As far as i have understood, the openldap config is moving towards beeing fully LDAP integrated, i.e. you will change the config using ldapmodify, you will add to the config using ldapadd, you will view the config using ldapsearch.
That created me a problem: i had to add a schema. what i did: i created a new olcInclude object into cn=config. This object, however, was not stable, it got lost at the next slapd restart.
Did the user slapd was running as have write access to the appropriate directory, so that it *could* ensure the changes were written to disk?
When i consulted this discussion list, i was informed that adding a new olcInclude object is not the correct way to add a new schema. But i was not informed on how the intention is to do it.
Did you consult any documentation ?
http://www.openldap.org/doc/admin24/slapdconf2.html#cn=schema
I imagine that another way would be to convert the schema from the schema file manually/directly into olcAtttributeTypes, olcObjectClasses, olcObjectIdentifier and insert them into the cn=schema,cn=config. This, however, would be a very error prone action.
Yes, however I would rather use a trivial one-line script for that.
Also, the handling of the access rights in the future is far from clear.
Which access rights?
When i consulted the openldap docu, i found put me in front of a fait-accompli: that is how it is, help yourself.
could someone shed some light on the evolution process from file-based config into LDAP-based config?
Besides reading the documentation ?
Regards, Buchan
openldap-software@openldap.org
-
Buchan Milne -
Gavin Henry -
openldap