On Mon, Apr 18, 2011 at 10:50 AM, Olivier <ldap(a)guillard.nom.fr> wrote:
IN A DAY TO DAY ADMINISTRATION, SHOULD I EDIT SLAPD.CONF
AND USE SLAPTEST TO TRANSLATE INTO SLAPD.D STYLE OR
SHOULD I EDIT DIRECTLY FILES IN SLAPD.D AND DEFINITIVELY
REMOVE THE SLAPD.CONF FILE ?
IN THE FORMER CASE, IS THERE A DOCUMENTATION THAT DOESN'T
MIX SLAPD.CONF WITH SLAPD.D STYLE (I'm a bit confused with examples
I find to be honnest).
Additional info about my question :
I just start with ldap and I want to deploy an internal ldap directory
that will be used for various application (authentication, information
about staff in the company, etc). We are fresh, therefore we start
I'm playing with tan openldap server 2.4 installed on a fedora.
The documentation about the slapd configuration file(s) is not quite
clear to me : I find information about how to configure the server by
editing "slapd.conf", and at the same time this documentation says
that this file is obsolete and configuration files should now now be
stored in "slapd.d" directory.
I have managed to edit a correct slapd.conf file and I translated it
to a slapd.d style using slaptest utility : slapd is runing and I can
query my directory... ok !
But could some tell me what is the PROPER way to now maintain
and admininistrate an operational openldap directory : slapd.conf
or slapd.d style ?
From what I have read, the slapd.conf file is going away, so you
should use ldifs instead. Also, most of the stuff you would have setup
in slapd.conf (backend stuff like ACLs) should not change during
day-to-day operations (frontend stuff like users, groups, and machine
accounts). In any case, both backend and frontend stuff can be edited
using ldapadd/ldapmodify/etc while server is up and running.
That is AFAIK, of course. Which means I could be horribly wrong.
THANKS FOR YOUR HELP !