Ubuntu 10.0.4 uses ldap 2.4.21, which does not use slapd.conf. I am having difficulty finding good documentation to configure openladap without slapd.conf. Is there a simple doc available on this?
Raymond
On Tue, Aug 3, 2010 at 12:19 PM, Raymond Norton admin@lctn.org wrote:
Ubuntu 10.0.4 uses ldap 2.4.21, which does not use slapd.conf. I am having difficulty finding good documentation to configure openladap without slapd.conf. Is there a simple doc available on this?
Raymond
In /etc/default/sldap you can tell it to use slapd.conf:
# Location of the slapd configuration to use. If using the cn=config # backend to store configuration in LDIF, set this variable to the # directory containing the cn=config data; otherwise set it to the location # of your slapd.conf file. If empty, use the compiled-in default # (/etc/ldap/slapd.d). #SLAPD_CONF= SLAPD_CONF=/var/lib/ldap/slapd.conf
That said, the new way seem to feed the ldap database with the stuff you had in sladp.conf using ldif files. I personally have not done that yet though; I am still using slapd.conf.
--On Tuesday, August 03, 2010 12:34 PM -0400 Mauricio Tavares raubvogel@gmail.com wrote:
On Tue, Aug 3, 2010 at 12:19 PM, Raymond Norton admin@lctn.org wrote:
Ubuntu 10.0.4 uses ldap 2.4.21, which does not use slapd.conf. I am having difficulty finding good documentation to configure openladap without slapd.conf. Is there a simple doc available on this?
read the slapd-config man page, read the admin guide, etc.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
Raymond Norton wrote:
Ubuntu 10.0.4 uses ldap 2.4.21, which does not use slapd.conf. I am having difficulty finding good documentation to configure openladap without slapd.conf. Is there a simple doc available on this?
Raymond
The official Ubuntu 10.04 Server guide has lots of examples for configuring OpenLDAP using cn=config.
https://help.ubuntu.com/10.04/serverguide/C/index.html
Best regards.
Em 03-08-2010 13:19, Raymond Norton escreveu:
Ubuntu 10.0.4 uses ldap 2.4.21, which does not use slapd.conf. I am having difficulty finding good documentation to configure openladap without slapd.conf. Is there a simple doc available on this?
BTW, any known user-friendly GUI for cn=config, either stable, project or draft?
Regards,
This has been asked before - and the response has always been any gui ldap browser - like apache directory studio.
Nothing (yet) for editing cn=config specifically yet.
- chris
Chris Jacobs, Systems Administrator Apollo Group | Apollo Marketing | Aptimus 2001 6th Ave Ste 3200 | Seattle, WA 98121 phone: 206.441.9100 x1245 | mobile: 206.601.3256 | fax: 206.441.9661 email: chris.jacobs@apollogrp.edu
----- Original Message ----- From: openldap-technical-bounces@OpenLDAP.org openldap-technical-bounces@OpenLDAP.org To: openldap-technical@openldap.org openldap-technical@openldap.org Sent: Tue Aug 03 12:51:48 2010 Subject: cn=Config GUI was: Re: ldap on Ubuntu 10.0.4
Em 03-08-2010 13:19, Raymond Norton escreveu:
Ubuntu 10.0.4 uses ldap 2.4.21, which does not use slapd.conf. I am having difficulty finding good documentation to configure openladap without slapd.conf. Is there a simple doc available on this?
BTW, any known user-friendly GUI for cn=config, either stable, project or draft?
Regards,
-- Marcio Merlone
This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.
Chris Jacobs wrote:
This has been asked before - and the response has always been any gui ldap
browser - like apache directory studio.
I used to use jxplorer but that seems not to be actively maintained these days. I would definitely use Apache Directory Studio if I wanted a GUI now.
Nothing (yet) for editing cn=config specifically yet.
- chris
Chris Jacobs, Systems Administrator Apollo Group | Apollo Marketing | Aptimus 2001 6th Ave Ste 3200 | Seattle, WA 98121 phone: 206.441.9100 x1245 | mobile: 206.601.3256 | fax: 206.441.9661 email: chris.jacobs@apollogrp.edu
----- Original Message ----- From: openldap-technical-bounces@OpenLDAP.orgopenldap-technical-bounces@OpenLDAP.org To: openldap-technical@openldap.orgopenldap-technical@openldap.org Sent: Tue Aug 03 12:51:48 2010 Subject: cn=Config GUI was: Re: ldap on Ubuntu 10.0.4
Em 03-08-2010 13:19, Raymond Norton escreveu:
Ubuntu 10.0.4 uses ldap 2.4.21, which does not use slapd.conf. I am having difficulty finding good documentation to configure openladap without slapd.conf. Is there a simple doc available on this?
BTW, any known user-friendly GUI for cn=config, either stable, project or draft?
Regards,
-- Marcio Merlone
This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.
Em 03-08-2010 17:12, Howard Chu escreveu:
Chris Jacobs wrote:
This has been asked before - and the response has always been any gui ldap
browser - like apache directory studio.
I used to use jxplorer but that seems not to be actively maintained these days. I would definitely use Apache Directory Studio if I wanted a GUI now.
Nothing (yet) for editing cn=config specifically yet.
I know of some LDAP GUI for editing entries, but my question was specifically about a hi-level tool, where you don't have to care about semantics and rules, attributes, etc. Something where you can change "Debug level" using a drop-down or multiple checkbox choices instead of "olcLogLevel", just to illustrate what I mean.
Thanks anyway and best regards.
On 8/4/10 1:36 PM, Marcio Merlone wrote:
Em 03-08-2010 17:12, Howard Chu escreveu:
Chris Jacobs wrote:
This has been asked before - and the response has always been any gui ldap
browser - like apache directory studio.
I used to use jxplorer but that seems not to be actively maintained these days. I would definitely use Apache Directory Studio if I wanted a GUI now.
Nothing (yet) for editing cn=config specifically yet.
I know of some LDAP GUI for editing entries, but my question was specifically about a hi-level tool, where you don't have to care about semantics and rules, attributes, etc. Something where you can change "Debug level" using a drop-down or multiple checkbox choices instead of "olcLogLevel", just to illustrate what I mean.
We are working on integrating such a tool in Apache Directory Studio. May be by the end of this year. Keep tuned...
Marcio Merlone marcio.merlone@a1.ind.br writes:
Em 03-08-2010 17:12, Howard Chu escreveu:
Chris Jacobs wrote:
This has been asked before - and the response has always been any gui ldap
browser - like apache directory studio.
I used to use jxplorer but that seems not to be actively maintained these days. I would definitely use Apache Directory Studio if I wanted a GUI now.
Nothing (yet) for editing cn=config specifically yet.
I know of some LDAP GUI for editing entries, but my question was specifically about a hi-level tool, where you don't have to care about semantics and rules, attributes, etc. Something where you can change "Debug level" using a drop-down or multiple checkbox choices instead of "olcLogLevel", just to illustrate what I mean.
Why don't you create your own tools? http://pastebin.de/8800 shows a perl script on how to modify loglevel. Furthermore you may have a look at http://web2ldap.de which provides a python based graphical user interface.
-Dieter
I would definitely use Apache Directory Studio
if I wanted a GUI now.
Note when it comes to some updates in cn=config that ADS doesn't work. These are the attributes where you have to drop all the values and re-add them in.
I tend to create a little ldif for the changes and apply them to the directory. By keeping the ldif files I have a history of what config changes were made when.
Aside from those niggles though I'd recommend ADS as an excellent GUI for general querying/amending of records. Also if you use Eclipse for development, you can just add it in as a plugin.
Carl
Scanned by MailDefender - managed email security from intY - www.maildefender.net
On 8/5/10 10:49 AM, Carl Johnstone wrote:
I would definitely use Apache Directory Studio if I wanted a GUI now.
Note when it comes to some updates in cn=config that ADS doesn't work. These are the attributes where you have to drop all the values and re-add them in.
I don't think ADS is to blame here. It's more likely that OpenLDAP does not support partial modification of a schema entry (simply because it's a PITA to handle in the server).
I may be wrong though. Cab some OpenLDAP dev confirm ?
Emmanuel Lecharny wrote:
On 8/5/10 10:49 AM, Carl Johnstone wrote:
I would definitely use Apache Directory Studio if I wanted a GUI now.
Note when it comes to some updates in cn=config that ADS doesn't work. These are the attributes where you have to drop all the values and re-add them in.
I don't think ADS is to blame here. It's more likely that OpenLDAP does not support partial modification of a schema entry (simply because it's a PITA to handle in the server).
I may be wrong though. Cab some OpenLDAP dev confirm ?
No idea. Carl didn't give any specifics on which attributes he was talking about...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 08/06/2010 05:58 PM, Howard Chu wrote:
Emmanuel Lecharny wrote:
On 8/5/10 10:49 AM, Carl Johnstone wrote:
Note when it comes to some updates in cn=config that ADS doesn't work. These are the attributes where you have to drop all the values and re-add them in.
I don't think ADS is to blame here. It's more likely that OpenLDAP does not support partial modification of a schema entry (simply because it's a PITA to handle in the server).
I may be wrong though. Cab some OpenLDAP dev confirm ?
No idea. Carl didn't give any specifics on which attributes he was talking about...
Can olcAuthzRegexp be changed online without restarting the server? We've had some problems with this particular attribute.
Ondra
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
openldap-technical@openldap.org
-
Carl Johnstone -
Chris Jacobs -
Dieter Kluenter -
Emmanuel Lecharny -
Howard Chu -
Jorge Armando Medina -
Marcio Merlone -
Mauricio Tavares -
Ondrej Kuznik -
Quanah Gibson-Mount -
Raymond Norton