Hi all,
I am a very novice (less than a week) with OpenLDAP and I have some basics problems.
First, I have the 2.4.25 version and I downloaded the Admin Guide as a documentation.
I understood that the way to configure the server change from slapd.conf to cn=config and this change is not clear by reading the documention.
My question is simple, how to create my own DIT without interfering with the default configuration ?
The end goal of this server is to have a radius server interrogating the LDAP one to deliver IP address to a GGSN (GPRS équipement).
Thanks for the help provided.
Aurélien Lafranchise | Consultant Tél. : +33 (0)1 75 43 55 12 | Fax : +33 (0)1 75 43 55 11 www.snype-consulting.com
Inline.
On 01/06/11 05:46 AM, Aurélien Lafranchise wrote:
Hi all,
I am a very novice (less than a week) with OpenLDAP and I have some basics problems.
First, I have the 2.4.25 version and I downloaded the Admin Guide as a documentation.
I understood that the way to configure the server change from slapd.conf to cn=config and this change is not clear by reading the documention.
My question is simple, how to create my own DIT without interfering with the default configuration ?
I took the (quick, lazy) path of making a slapd.conf and using slaptest to convert to the cn=config format. The slapd.conf was basic enough to have database locations and indexing, and I added replication later via ldapmodifies to cn=config.
It also helped that I could look at the entries under cn=config and compare them to my slapd.conf.
The end goal of this server is to have a radius server interrogating the LDAP one to deliver IP address to a GGSN (GPRS équipement).
So far I've found that the configuration with the fewest points of failure is when the ldap directory is on the same host as the radius daemon. Also, perhaps look into the FreeRADIUS schema for OpenLDAP as a convenient way to get started storing your radius information in the directory.
Thanks for the help provided.
Aurélien Lafranchise | Consultant Tél. : +33 (0)1 75 43 55 12 | Fax : +33 (0)1 75 43 55 11 www.snype-consulting.com http://www.snype-consulting.com/
Hi,
Inline
Aurélien Lafranchise | Consultant Tél. : +33 (0)1 75 43 55 12 | Fax : +33 (0)1 75 43 55 11 www.snype-consulting.com
2011/6/4 Christopher Wood christopher_wood@pobox.com
Inline.
On 01/06/11 05:46 AM, Aurélien Lafranchise wrote:
Hi all,
I am a very novice (less than a week) with OpenLDAP and I have some basics problems.
First, I have the 2.4.25 version and I downloaded the Admin Guide as a documentation.
I understood that the way to configure the server change from slapd.conf to cn=config and this change is not clear by reading the documention.
My question is simple, how to create my own DIT without interfering with the default configuration ?
I took the (quick, lazy) path of making a slapd.conf and using slaptest to convert to the cn=config format. The slapd.conf was basic enough to have database locations and indexing, and I added replication later via ldapmodifies to cn=config.
It also helped that I could look at the entries under cn=config and compare them to my slapd.conf.
Ok, thanks it is not the best but very efficient !
The end goal of this server is to have a radius server interrogating the
LDAP one to deliver IP address to a GGSN (GPRS équipement).
So far I've found that the configuration with the fewest points of failure is when the ldap directory is on the same host as the radius daemon. Also, perhaps look into the FreeRADIUS schema for OpenLDAP as a convenient way to get started storing your radius information in the directory.
Why do you have a problem by having freeradius and openldap on the same server ?
I found the freeradius schema and I have to modify it so it take more time.
Do you have an idea about what is a collective attribute ?
Thanks for the help provided.
Aurélien Lafranchise | ConsultantTél. : +33 (0)1 75 43 55 12 | Fax : +33 (0)1 75 43 55 11 www.snype-consulting.com http://www.snype-consulting.com/
inline
On 06/06/11 05:01 AM, Aurélien Lafranchise wrote:
Hi,
Inline
Aurélien Lafranchise | Consultant Tél. : +33 (0)1 75 43 55 12 | Fax : +33 (0)1 75 43 55 11 www.snype-consulting.com http://www.snype-consulting.com/
2011/6/4 Christopher Wood <christopher_wood@pobox.com mailto:christopher_wood@pobox.com>
Inline. On 01/06/11 05:46 AM, Aurélien Lafranchise wrote: Hi all, I am a very novice (less than a week) with OpenLDAP and I have some basics problems. First, I have the 2.4.25 version and I downloaded the Admin Guide as a documentation. I understood that the way to configure the server change from slapd.conf to cn=config and this change is not clear by reading the documention. My question is simple, how to create my own DIT without interfering with the default configuration ? I took the (quick, lazy) path of making a slapd.conf and using slaptest to convert to the cn=config format. The slapd.conf was basic enough to have database locations and indexing, and I added replication later via ldapmodifies to cn=config. It also helped that I could look at the entries under cn=config and compare them to my slapd.conf.Ok, thanks it is not the best but very efficient !
I'm still learning myself, so I figured that the provided tools will be better than me at making cn=config setups.
The end goal of this server is to have a radius server interrogating the LDAP one to deliver IP address to a GGSN (GPRS équipement). So far I've found that the configuration with the fewest points of failure is when the ldap directory is on the same host as the radius daemon. Also, perhaps look into the FreeRADIUS schema for OpenLDAP as a convenient way to get started storing your radius information in the directory.Why do you have a problem by having freeradius and openldap on the same server ?
I meant that the configuration with the least problems was when they were on the same server. I've tried the (radius -> firewall -> load balancer -> ldap) configuration before and at times it wasn't the best it could be.
I found the freeradius schema and I have to modify it so it take more time.
Do you have an idea about what is a collective attribute ?
I have no idea, but the IETF has all the RFCs:
http://www.ietf.org/rfc/rfc3671.txt
Thanks for the help provided. Aurélien Lafranchise | Consultant Tél. : +33 (0)1 75 43 55 12 | Fax : +33 (0)1 75 43 55 11 www.snype-consulting.com <http://www.snype-consulting.com> <http://www.snype-consulting.com/>
openldap-technical@openldap.org
-
Aurélien Lafranchise -
Christopher Wood