Hi;
I've finally completed my server setup and now I'm focusing on the client configurations (with TLS).
I'm using the Buchan RPMs (openldap 2.3.39) for RHEL4 and it creates an /etc/openldap2.3 directory. I also have the base openldap (2.2.x) rpms installed (originally) and it creates the base /etc/openldap directory.
After doing an strace, I see that /etc/openldap/ldap.conf is used... but I want to use the /etc/openldap2.3/ldap.conf file. How do I switch my ldap client to look here?
Thanks,
Rafael
On Thu, 13 Dec 2007, R.B. wrote:
> I'm using the Buchan RPMs (openldap 2.3.39) for RHEL4 and it creates an /etc/openldap2.3 directory. I also have the base openldap (2.2.x) rpms installed (originally) and it creates the base /etc/openldap directory.
> After doing an strace, I see that /etc/openldap/ldap.conf is used... but I want to use the /etc/openldap2.3/ldap.conf file. How do I switch my ldap client to look here?
To quote the ldap.conf(5) manpage:
Additional configuration files can be specified using the LDAPCONF and LDAPRC environment variables. LDAPCONF may be set to the path of a configuration file. This path can be absolute or relative to the current working directory. The LDAPRC, if defined, should be the basename of a file in the current working directory or in the user's home directory.
Note $LDAPCONF and $LDAPRC are read _after_ the compiled-in paths are read. There is no way to stop the client from reading the compiled-in paths. If you want that, you have to rebuild the clients from scratch with extra configure options to change the paths. It looks like you would need: --sysconfdir=/etc --with-subdir=openldap2.3
...but I've never used --with-subdir, so I may be misreading things...
Philip Guenther
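
An added example, not part of any message in this thread: a filter over strace output that lists which ldap.conf and ldaprc files a client actually opened, and in what order, to confirm where the compiled-in path and $LDAPCONF land. The function names, the sample trace and the /home/rafael path are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Typical use (strace writes its trace to stderr):
#   LDAPCONF=/etc/openldap2.3/ldap.conf strace -f -e trace=open,openat \
#       ldapsearch -x 2>&1 | ldap_conf_reads

# Print every ldap.conf / ldaprc / .ldaprc open attempt, in trace order.
# Handles both open("path", ...) and openat(AT_FDCWD, "path", ...).
ldap_conf_reads() {
    sed -n -E 's/^[^"]*open(at)?\((AT_FDCWD, )?"([^"]*(ldap\.conf|ldaprc))".*\) = (-?[0-9]+).*$/\5 \3/p' |
    while read -r fd path; do
        # A non-negative return value is a file descriptor: the file was read.
        if [ "$fd" -ge 0 ]; then
            echo "read    $path"
        else
            echo "missing $path"
        fi
    done
}

# Succeed only if the trace on stdin shows a successful open of "$1".
ldap_conf_used() {
    ldap_conf_reads | grep -qxF "read    $1"
}

# Constructed sample: a client run with LDAPCONF pointing at the 2.3 file.
sample_trace() {
    cat <<'EOF'
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/etc/openldap/ldap.conf", O_RDONLY) = 3
open("/home/rafael/ldaprc", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/openldap2.3/ldap.conf", O_RDONLY) = 3
EOF
}

sample_trace | ldap_conf_reads
```

A TLS setting placed in a file that never shows up as "read" for a given client is not applied to that client.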
R.B. skrev, on 14-12-2007 03:15:
> I've finally completed my server setup and now I'm focusing on the client configurations (with TLS).
> I'm using the Buchan RPMs (openldap 2.3.39) for RHEL4 and it creates an /etc/openldap2.3 directory. I also have the base openldap (2.2.x) rpms installed (originally) and it creates the base /etc/openldap directory.
> After doing an strace, I see that /etc/openldap/ldap.conf is used... but I want to use the /etc/openldap2.3/ldap.conf file. How do I switch my ldap client to look here?
I'm using Buchan's rpms (actually built from srpms) 2.3 on RHEL5 and 2.4 on FC6. Buchan's slapd is actually called slapd2.[3|4], not slapd. Similarly all stuff that Buchan produces has 2.[3|4] tacked onto it, including the man pages. If you do a 'strings ldap2.3 | less' on your rig and look for /etc, you'll see that the default config dirs are built into it.
My guess is you're running the wrong slapd, even starting the wrong service. The correct service for you to start is ldap2.3. Also, make sure that the stuff you have in /etc/sysconfig/ldap2.3 is correct.
--Tonni
On Friday 14 December 2007 04:15:44 R.B. wrote:
> Hi;
> I've finally completed my server setup and now I'm focusing on the client configurations (with TLS).
> I'm using the Buchan RPMs (openldap 2.3.39) for RHEL4 and it creates an /etc/openldap2.3 directory. I also have the base openldap (2.2.x) rpms installed (originally) and it creates the base /etc/openldap directory.
> After doing an strace, I see that /etc/openldap/ldap.conf is used....
by what?
> but I want to use the /etc/openldap2.3/ldap.conf file, how do I switch my ldap client to look here?
To ensure there are not conflicts etc., my packages ship everything with a major version suffix if the distribution shipped a different major version of OpenLDAP. Thus, the ldap library from the libldap2.3_0 package uses /etc/openldap2.3/ldap.conf, however the original ldap library provided by RHEL (in the openldap-2.2.13 package) is still the 2.2.13 version, and still uses /etc/openldap/ldap.conf. All the software shipped with RHEL that uses the ldap library is compiled against the RHEL version, so uses /etc/openldap/ldap.conf. If your /etc/openldap2.3/ldap.conf contains the settings you want all LDAP software to use ... use a link (hard or soft, either will probably do).
I have done this to ensure that my packages will never affect any software supplied by Red Hat (and the support status).
Regards, Buchan
On Tue, Dec 18, 2007 at 10:15:41AM +0200, Buchan Milne wrote:
> To ensure there are not conflicts etc., my packages ship everything with a major version suffix if the distribution shipped a different major version of OpenLDAP. Thus, the ldap library from the libldap2.3_0 package uses /etc/openldap2.3/ldap.conf, however the original ldap library provided by RHEL (in the openldap-2.2.13 package) is still the 2.2.13 version, and still uses /etc/openldap/ldap.conf.
This seems to have changed for RHEL 5.
Your packages at http://staff.telkomsa.net/packages/rhel5/openldap/x86_64/ seem to replace the RH supplied ones.
I'm not complaining, I think this is good. Keep up the good work.
On Wednesday 19 December 2007 01:36:18 Norman Gaywood wrote:
> On Tue, Dec 18, 2007 at 10:15:41AM +0200, Buchan Milne wrote:
>> To ensure there are not conflicts etc., my packages ship everything with a major version suffix if the distribution shipped a different major version of OpenLDAP. Thus, the ldap library from the libldap2.3_0 package uses /etc/openldap2.3/ldap.conf, however the original ldap library provided by RHEL (in the openldap-2.2.13 package) is still the 2.2.13 version, and still uses /etc/openldap/ldap.conf.
> This seems to have changed for RHEL 5.
> Your packages at http://staff.telkomsa.net/packages/rhel5/openldap/x86_64/ seem to replace the RH supplied ones.
Note the phrase "if the distribution shipped a different major version of OpenLDAP". Since RHEL5 ships with 2.3, suffixing won't help (as the library name must be the same).
However, now that the 2.4.7 packages are available, you will notice the policy is still consistent.
Regards, Buchan