Hi,
I'm currently working on adding support for the config backend to the Ubuntu openldap package (2.4.10). While creating a new configuration, I run into the problem of loading the system schema into /etc/ldap/slapd.d/cn=config/cn=schema.ldif. Using the example from the slapd-config man page doesn't work: the system schema isn't created in cn=schema.ldif. Comparing with a slapd.conf conversion, cn=schema.ldif holds the system schema in the latter case.
I haven't found any ldif file containing the system schema - it seems to be hardcoded in the source file. So how should I create a brand new slapd setup using the config backend without converting from an existing slapd.conf file? How should cn=schema,cn=config be initialized with slapadd?
Mathias Gug wrote:
As documented in the Admin Guide:
5.2.3 cn=schema
The cn=schema entry holds all of the schema definitions that are hard-coded in slapd. As such, the values in this entry are generated by slapd so no schema values need to be provided in the config file. The entry must still be defined though, to serve as a base for the user-defined schema to add in underneath. Schema entries must have the olcSchemaConfig objectClass.
In other words, just make a blank entry. See the example in 5.2.3.3.
On Tue, Jul 08, 2008 at 09:01:19PM -0700, Howard Chu wrote:
I've attached the three ldif files that I'm using to create a new configuration. Here are the steps that I'm following to initialize a new setup:
    # mkdir /etc/ldap/slapd.d/
    # slapadd -F /etc/ldap/slapd.d/ -n 0 -l slapd.d.init.ldif
    # slapadd -F /etc/ldap/slapd.d/ -n 0 -l slapd.d.load_hdb_module.ldif
    # slapadd -F /etc/ldap/slapd.d/ -n 0 -l slapd.d.new-db.ldif
    slapadd: could not add entry dn="olcDatabase=hdb,cn=config" (line=1): autocreation of "olcDatabase={-1}frontend" failed
On Thursday 10 July 2008 01:50:04 Mathias Gug wrote:
On Tue, Jul 08, 2008 at 09:01:19PM -0700, Howard Chu wrote:
If I convert my working configuration to back-config, I get:
olcModuleLoad: {7}back_relay.la
not:
olcModuleLoad: /usr/lib/ldap/back_hdb
See the explanation of the 'moduleload' directive in slapd.conf(5).
Regards, Buchan
On Wed, Jul 09, 2008 at 07:50:04PM -0400, Mathias Gug wrote:
After some more debugging, I've hit a problem with creating a database entry with slapadd when defining a new database is not done at the same time as creating the initial slapd.d structure.
I've attached two files, init.ldif and database.ldif that I'm using.
The two following tests have different outcomes:
* First initialize the directory, then create a new database.

    $ cat init.ldif | slapadd -F ./d/ -b "cn=config"
    $ cat database.ldif | slapadd -F ./d/ -b "cn=config"
    slapadd: could not add entry dn="olcDatabase=hdb,cn=config" (line=1): autocreation of "olcDatabase={-1}frontend" failed
    $

* Initialize the directory *and* create the new database in one run:

    $ cat init.ldif database.ldif | slapadd -F ./d/ -b "cn=config"
    $

Although the last command seemed successful, loading a set of entries fails even in the latter case:

    $ cat tree.ldif
    dn: dc=my-domain,dc=com
    objectClass: top
    objectClass: dcObject
    objectClass: organization
    o: Mydomain
    dc: my-domain

    dn: cn=admin, dc=my-domain, dc=com
    objectClass: simpleSecurityObject
    objectClass: organizationalRole
    cn: admin
    description: LDAP administrator
    userPassword: secret

    $ slapadd -F ./d/ -b "dc=my-domain,dc=com" -l tree.ldif
    slapadd: bad configuration directory!
--On Thursday, July 10, 2008 11:22 PM -0400 Mathias Gug mathiaz@ubuntu.com wrote:
Does this occur with the latest RE24 CVS?
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
Mathias Gug wrote:
That's your first problem; slapadd is not intended for incremental use. It's for bulk loading, which generally means you feed it a single complete LDIF file. After you've run slapadd, generally you should just start up slapd and use ldap* commands from then on.
In this case, you could still use multiple LDIF files; just use include: directives to link them all into a single LDIF that can be slapadd'd in one pass.
openldap-software@openldap.org
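
The single-pass load described in the last reply, as an added example that is not part of the original thread: it links LDIF fragments into one master LDIF with include: statements (the file: URI form from ldif(5)) and runs slapadd once against an empty configuration directory. The function names make_master_ldif and bootstrap_config are hypothetical; init.ldif, database.ldif and ./d are the names used in the thread.

```shell
#!/bin/sh
# Added example: one master LDIF, one slapadd run.

# Print an LDIF that pulls in each fragment, in the order given.
# ldif(5): an include statement must be separated from other records
# by a blank line and names the file with a file: URI.
make_master_ldif() {
    # Validate every fragment before emitting anything.
    for frag in "$@"; do
        [ -r "$frag" ] || { echo "cannot read $frag" >&2; return 1; }
    done
    for frag in "$@"; do
        # Resolve to an absolute path so the URI does not depend on cwd.
        dir=$(cd "$(dirname "$frag")" && pwd) || return 1
        abs=$dir/$(basename "$frag")
        # No percent-encoding is done here, so reject paths that need it.
        case $abs in
            *[!A-Za-z0-9/._-]*)
                echo "path needs URI escaping: $abs" >&2; return 1 ;;
        esac
        printf 'include: file://%s\n\n' "$abs"
    done
}

# Load the master LDIF into a fresh config directory in a single pass.
# Refuses a directory that already has content: slapadd is a bulk
# loader, and the thread shows a second run against ./d failing.
bootstrap_config() {
    confdir=$1
    master=$2
    if [ -d "$confdir" ] && [ -n "$(ls -A "$confdir")" ]; then
        echo "$confdir is not empty, refusing to run slapadd" >&2
        return 2
    fi
    mkdir -p "$confdir" || return 1
    slapadd -F "$confdir" -n 0 -l "$master"
}

# Typical use, with the file names from the thread:
#   make_master_ldif init.ldif database.ldif > master.ldif
#   bootstrap_config ./d master.ldif
```

After this one run, further changes to cn=config go through slapd and the ldap* tools, as the reply above says.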