Il 21/04/2011 11:05, Howard Chu ha scritto:
If you don't understand LDAP and LDIF then you cannot effectively administer an LDAP server. Period. There is no chicken and egg here - you must understand LDAP. You must know what "DIT" means. You must know what a DN is. You must know what a schema is. You must know what an attribute is. There is no bypassing this required knowledge.
When you know what these things are, cn=config is just another DIT, that you manage just like every other DIT. The learning curve for cn=config is shorter than for slapd.conf, because once you learn the essential elements of LDAP, you also know all the essentials for configuring slapd. Otherwise, you have to learn LDAP + LDIF + slapd.conf syntax, which history has shown practically everybody gets *wrong*. The web is full of bogus slapd.conf examples with directives scattered all over the place, instead of in their proper order and location. Our ITS is frequently littered with such junk, configs created by people who hastily copy/pasted something they read from some howto somewhere, without understanding what they were really doing.
Sorry but I cannot agree to this. Using cn=config, at least for now, is far more complex. Saying that's just another DIT is misleading.
To understand configuration you need to understand what that DIT contents means, and the syntax you have to use for it. So you have to learn LDAP + LDIF + cn=config syntax.
And as far I can see the cn=config syntax is far more complex than the one of slapd.conf.
Probably I'm stupid but still I see as very hard to read all that {N} placed all around that you need to use as special values for DN's, and the same is for all those olcSomeThing attributes and those olcSomeClass objectclass that you have to use.
So something like:
slapadd -n0 dn: cn=config objectClass: olcGlobal cn: config
dn: olcDatabase={0}config,cn=config objectClass: olcDatabaseConfig olcDatabase: {0}config olcRootPW: MySecretPassword <EOF>
for me is not easier to understand than saying change the rootpw line on the database stanza of your slapd.conf.
And sorry, probably its a bad habit, but I'm used to put comments in my configurations files, and I cannot see how I can do this here.
Regards Simone