On Wed, Apr 20, 2011 at 2:53 PM, Howard Chu hyc@symas.com wrote:
Simone Piccardi wrote:
On 20/04/2011 17:30, Jose Ildefonso Camargo Tolosa wrote:
Hi!
it no longer uses slapd.conf by default, it uses cn=config . It is on /etc/ldap/slapd.d/
Debian will leave you with a working directory (even thought not optimal, but you will be able to use it).
If you can be more specific on what you want to do, just let us know! If you are used to configure with slapd.conf, you can actually use that configuration too, or you can convert your slapd.conf configuration into cn=config with slaptest (check the docs!).
Ildefonso Camargo
That's the way I'm using it. And I suggest to anyone not needing to modify configurations on the fly to use it that way.
Because apart the missing documentation, I found difficult having to deal with the obscure attribute names and the complex directory structure (and the not so explicative file names used under it) that I found in /etc/ldap/slapd.d/.
I understand the needs for cn=config, but for the moment I don't need it. Having a file with a simple syntax that I can read and modify instead of a tree of LDIF files is far more convenient for me. So I hope that slapd.conf will remain supported.
The tree of files is not meant for you to ever look at or modify directly. Just use slapcat or ldapsearch. If you know anything about LDAP at all this is MUCH easier than editing flat text files, since you can use any LDAP tool (commandline or GUI) to do all the administration.
I don't find complex to directly modify the files, actually, I find it easier than having to write a ldif modification script every time I need to apply a change! I just go ahead and edit the corresponding ldif file on slapd.d
If you think the tree structure is confusing, then you obviously have not read the Admin Guide, which clearly outlines the structure.
It is not confusing, I actually find it very logic, but it is more complex than a single file. But that was discussed long ago on the list: lets face it, a single plain text file is always simpler than any more formated file, and you will always have someone complaining about it.
Now, if there was a graphical LDAP administration tool that handled the configuration: there would be a lot of happy people, and writing that tool (even by creating a template for existing tools) is now possible thanks to cn=config, it was not that easy with old slapd.conf file.
http://www.openldap.org/doc/admin24/slapdconf2.html#Configuration%20Layout
If you don't read the documentation you have only yourself to blame for being confused.
Yeah, that page is incomplete when compared to:
http://www.openldap.org/doc/admin24/slapdconfig.html
The cn=config directives is missing the access control part, that you can get:
http://www.openldap.org/doc/admin24/access-control.html#Access%20Control%20v...
Not a big deal, but it took me a while to realize that the documentation was no longer on the same place as for slapd.conf
Ildefonso Camargo