Mitch Patenaude
2011-Aug-17 19:03 UTC
[CentOS] OpenLDAP setup and bootstrapping in CentOS 6
I'm having trouble getting openldap through its initial setup.

I created a /etc/openldap/slap.conf file with a default rootdn and rootpw, and they didn't seem to take effect. After much wailing and gnashing of teeth I found that if there is a config directory at /etc/openldap/slapd.d, it will ignore slapd.conf. I can't figure out how to translate slapd.conf into the (new?) standard of slapd.d because all the examples I can find still use slapd.conf.

Am I better off just deleting (or renaming) slapd.d? Does anybody know the proper format for slapd.d entries?

Thanks,
-- Mitch Patenaude
On Wed, Aug 17, 2011 at 07:03:28PM +0000, Mitch Patenaude wrote:
> I'm having trouble getting openldap through its initial setup.
>
> I created a /etc/openldap/slap.conf file with a default rootdn and rootpw, and
> they didn't seem to take effect. After much wailing and gnashing of teeth I
> found that if there is a config directory at /etc/openldap/slapd.d, it will
> ignore slapd.conf. I can't figure out how to translate slapd.conf into the
> (new?) standard of slapd.d because all the examples I can find still use
> slapd.conf.
>
> Am I better off just deleting (or renaming) slapd.d? Does anybody know the
> proper format for slapd.d entries?
>

I might as well spam my own page (where I suggest deleting it) for LDAP.

http://home.roadrunner.com/~computertaijutsu/ldap.html

I don't know of anyone who got it working with that slap.d, nor have I seen any documentation on it--on the other hand, I didn't look very hard. I would almost guarantee it adds no new advantages.

-- Scott Robbins
PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Buffy: Could I be seeing Billy's asteroid body?
Giles: Astral body, and I don't know.
On 08/17/2011 12:03 PM, Mitch Patenaude wrote:
...
> I created a /etc/openldap/slap.conf file with a default rootdn and
> rootpw, and they didn't seem to take effect. After much wailing and
> gnashing of teeth I found that if there is a config directory at
> /etc/openldap/slapd.d, it will ignore slapd.conf. I can't figure out how
> to translate slapd.conf into the (new?) standard of slapd.d because all
> the examples I can find still use slapd.conf.
>
> Am I better off just deleting (or renaming) slapd.d? Does anybody know
> the proper format for slapd.d entries?
...

You'd be best off learning the new method of configuration as I've heard rumors that the slapd.conf file will be deprecated at some point.

Here you can find some additional information:

http://www.zytrax.com/books/ldap/ch6/slapd-config.html

Basically, any slap* command which can reference a file will perform the conversion.

HTH,
-- Josh Miller
Open Source Solutions Architect
http://itsecureadmin.com/
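The conversion described in the reply above, sketched with slaptest's -f (read slapd.conf) and -F (write a config directory) options. This is an added example, not part of the original thread: the helper names rootpw_is_hashed and convert_conf are hypothetical, and the paths and the ldap:ldap service account are assumed CentOS packaging defaults.

```shell
#!/bin/sh
# Added example: convert slapd.conf into a slapd.d (cn=config) directory.
# Assumptions: default CentOS paths, slapd runs as ldap:ldap.
# Run as root with slapd stopped:  sh convert-slapd.sh convert

CONF=${CONF:-/etc/openldap/slapd.conf}
CONFDIR=${CONFDIR:-/etc/openldap/slapd.d}

# Succeeds only if the file has a rootpw directive and every one of them
# holds a {SCHEME} hash (e.g. slappasswd output), not a cleartext password.
# Commented-out lines are ignored because their first field is not "rootpw".
rootpw_is_hashed() {
    awk 'tolower($1) == "rootpw" {
             seen = 1
             if ($2 !~ /^[{][A-Za-z0-9-]+[}]/) bad = 1
         }
         END { exit (seen && !bad) ? 0 : 1 }' "$1"
}

# Convert $1 (slapd.conf) into $2 (config directory).
convert_conf() {
    conf=$1
    dir=$2
    # The rootpw value is copied into cn=config as olcRootPW, so refuse to
    # carry a cleartext password into the new configuration.
    if ! rootpw_is_hashed "$conf"; then
        echo "refusing: rootpw missing or cleartext in $conf" >&2
        return 1
    fi
    # Keep the old tree instead of deleting it; slaptest needs an empty target.
    if [ -d "$dir" ]; then
        mv "$dir" "$dir.bak.$(date +%Y%m%d%H%M%S)" || return 1
    fi
    mkdir -m 0700 "$dir" || return 1
    slaptest -f "$conf" -F "$dir" || return 1
    # The directory now contains the rootpw hash: only the service account
    # should be able to read it.
    chown -R ldap:ldap "$dir" && chmod -R go-rwx "$dir"
}

if [ "${1:-}" = "convert" ]; then
    convert_conf "$CONF" "$CONFDIR"
fi
```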
On Aug 17, 2011, at 12:03 PM, Mitch Patenaude wrote:
> I'm having trouble getting openldap through its initial setup.
>
> I created a /etc/openldap/slap.conf file with a default rootdn and rootpw, and they didn't seem to take effect. After much wailing and gnashing of teeth I found that if there is a config directory at /etc/openldap/slapd.d, it will ignore slapd.conf. I can't figure out how to translate slapd.conf into the (new?) standard of slapd.d because all the examples I can find still use slapd.conf.
>
> Am I better off just deleting (or renaming) slapd.d? Does anybody know the proper format for slapd.d entries?
----
presuming what you are referring to is dynamic configuration - flat files are not used any more. Haven't tried with CentOS 6 because I switched my newer setups to Ubuntu but Ubuntu 10.04 also uses dynamic configuration methods and if that is the case... /etc/openldap/slapd.conf is meaningless - at least in Ubuntu renaming or deleting /etc/openldap/slapd.d would be a self-defeating act... that's where the results of dynamic configuration will end up.

start over, baby steps... script everything you do so it's repeatable
start by adding your schemas
then define the backend
then define the base
then define your ACLs
then you can pull in the DSA

Craig