Mark J. Reed wrote:
On Wed, Oct 20, 2010 at 7:54 AM, Buchan Milne bgmilne@staff.telkomsa.net wrote:
Assuming you didn't install from source, consult whoever provided you with OpenLDAP without a slapd.conf.
I'm guessing that's Canonical; the slapd package shipped for Ubuntu has no slapd.conf, just a slapd.d/cn=config tree. Maybe they jumped the gun a bit, but I've seen lots of (at least unofficial) mentions that the slapd.conf style is outdated and back-config is the way to go. Which makes using slapd.conf for a brand new installation feel unwise. Old-fashioned, at best. I seem to recall reading as much in the documentation somewhere, too, but I won't swear to it.
However, the new hotness is not, as far as I can tell, well-documented. Things like slapd-ldap(5)'s CONFIGURATION section say absolutely nothing about back-config; I had to read the source code to find the mapping from configuration parameters (like "acl-authcDN") to LDAP attributes (like "olcDbACLAuthcDN"). So, currently, it seems the easiest way to create a back-config is to write a slapd.conf and then convert it with slaptest.
No need to read the source code, just do an ldapsearch on "cn=schema,cn=config".
All of which is bound to leave the beginning openldap admin a tiny bit confused. What's considered best practice right now for new installs?