Howdy.
I wonder if the ldif sample example at the end of chapter 5 is correct? See below:
----
1. # example config file - global configuration entry
2. dn: cn=config
3. objectClass: olcGlobal
4. cn: config
5. olcReferral: ldap://root.openldap.org
6.
Line 1 is a comment. Lines 2-4 identify this as the global configuration entry. The olcReferral: directive on line 5 means that queries not local to one of the databases defined below will be referred to the LDAP server running on the standard port (389) at the host root.openldap.org. Line 6 is a blank line, indicating the end of this entry.
7. # internal schema
8. dn: cn=schema,cn=config
9. objectClass: olcSchemaConfig
10. cn: schema
11.
Line 7 is a comment. Lines 8-10 identify this as the root of the schema subtree. The actual schema definitions in this entry are hardcoded into slapd so no additional attributes are specified here. Line 11 is a blank line, indicating the end of this entry.
12. # include the core schema
13. include: file:///usr/local/etc/openldap/schema/core.ldif
14.
Line 12 is a comment. Line 13 is an LDIF include directive which accesses the core schema definitions in LDIF format. Line 14 is a blank line.
Next comes the database definitions. The first database is the special frontend database whose settings are applied globally to all the other databases.
15. # global database parameters
16. dn: olcDatabase=frontend,cn=config
17. objectClass: olcDatabaseConfig
18. olcDatabase: frontend
19. olcAccess: to * by * read
20.
Line 15 is a comment. Lines 16-18 identify this entry as the global database entry. Line 19 is a global access control. It applies to all entries (after any applicable database-specific access controls). Line 20 is a blank line.
The next entry defines the config backend.
21. # set a rootpw for the config database so we can bind.
22. # deny access to everyone else.
23. dn: olcDatabase=config,cn=config
24. objectClass: olcDatabaseConfig
25. olcDatabase: config
26. olcRootPW: {SSHA}XKYnrjvGT3wZFQrDD5040US592LxsdLy
27. olcAccess: to * by * none
28.
Lines 21-22 are comments. Lines 23-25 identify this entry as the config database entry. Line 26 defines the super-user password for this database. (The DN defaults to "cn=config".) Line 27 denies all access to this database, so only the super-user will be able to access it. (This is already the default access on the config database. It is just listed here for illustration, and to reiterate that unless a means to authenticate as the super-user is explicitly configured, the config database will be inaccessible.)
-----
The trouble I had is regarding the olcDatabase=frontend and olcDatabase=config stanzas.
slapadd could do its work but the layout in cn=config/ would look like this afterwards:
-----
olcDatabase=frontent.ldif
olcDatabase=config.ldif
olcDatabase=hdb.ldif
-----
And as soon as slapd started an extraneous ghostly olcDatabase={-1}frontend.ldif would show up.
I had to instantiate the frontend and config as this.
---
dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {-1}frontend
---
and
----
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
----
Which works for me.
openldap-technical@openldap.org
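
An added example, not part of the original post and not OpenLDAP project code: a small Python check that scans a cn=config LDIF before it is handed to slapadd and reports frontend/config database entries that are not written in the {-1}frontend / {0}config form the post reports as working. The function names and the sample LDIF are constructed for illustration, and base64 ("::") values are assumed absent.

```python
import re
# Constructed sample input: guide-style stanza, mixed stanza, post-style stanza.
SAMPLE_LDIF = """\
# global database parameters
dn: olcDatabase=frontend,cn=config
olcDatabase: frontend

dn: olcDatabase={0}config,cn=config
olcDatabase: config

dn: olcDatabase={-1}frontend,cn=config
olcDatabase: {-1}frontend
"""

# Ordering prefixes the post reports using for the two special databases.
EXPECTED = {"frontend": "{-1}frontend", "config": "{0}config"}
DB_DN = re.compile(r"^olcDatabase=((?:\{-?\d+\})?([^,]+)),cn=config$", re.I)

def parse_entries(text):
    """Split LDIF into entries: drop comments, unfold continuation lines."""
    entries, cur, last = [], {}, None
    for line in text.splitlines() + [""]:   # trailing "" flushes the last entry
        if line.startswith("#"):
            last = None                      # a folded comment is dropped too
        elif line.startswith(" "):
            if last:
                cur[last] += line[1:]        # continuation of the previous value
        elif ":" in line:
            key, value = line.split(":", 1)
            last = key.strip().lower()
            cur[last] = value.strip()        # last value wins; enough for dn/olcDatabase
        elif not line.strip() and cur:
            entries.append(cur)
            cur, last = {}, None
    return entries

def check_special_databases(text):
    """Return (dn, problem) pairs for frontend/config entries lacking the prefix."""
    findings = []
    for e in parse_entries(text):
        m = DB_DN.match(e.get("dn", ""))
        if not m or m.group(2).lower() not in EXPECTED:
            continue                         # not a frontend/config database entry
        want = EXPECTED[m.group(2).lower()]
        if m.group(1) != want:
            findings.append((e["dn"], "DN should use " + want))
        elif e.get("olcdatabase") != want:
            findings.append((e["dn"], "olcDatabase value should be " + want))
    return findings
```

Running `check_special_databases` on an LDIF before import shows which stanzas would end up as unindexed files such as the ones listed in the post.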