SLUG Mailing List Archives - [SLUG] LDAP config help sought (long post)

To: Mail List - SLUG <slug@xxxxxxxxxxx>
Subject: [SLUG] LDAP config help sought (long post)
From: Howard Lowndes <lannet@xxxxxxxxxxxxx>
Date: Thu, 14 Jul 2005 12:28:56 +1000
Organization: LANNet Computing Associates
User-agent: Mozilla Thunderbird 1.0.2-6 (X11/20050513)

I'm trying to get somewhere with setting up an LDAP database.

The problem I am encountering is that all the examples that I can findassume the the top level has a dn: of the form dc=example,dc=com suchthat slapd.conf looks like:

...
database bdb
suffix "cd=example,dc=com"
rootdn "cn=manager,dc=example,dc=com"
rootpw secret
directory /var/lib/ldap
...

and the top level LDIF file looks like:
...
dn: dc=example,dc=com
objectClass: dcObject
dc: example
objectClass: organization
o: Example Company
...

My problem is that I want a different top level, and I want myslapd.conf file to look like:

...
database bdb
suffix "o=myhosting"
rootdn "cn=manager,o=myhosting"
rootpw secret
directory /var/lib/ldap
...

and the top level LDIF file looks like:

dn: o=myhosting
objectClass: organisation
o: My Hosting

Thus far my layout works just fine, but when I come to add dcObjects Istart to run into problems. An LDIF of:


dn: dc=example,dc=com,o=myhosting
objectClass: dcObject
dc: example

returns the following error:
# ldapadd -x -D 'cn=manager,o=myhosting' -W -f myhosting.ldif
adding new entry "dc=example,dc=com,o=myhosting"
ldap_add: Object class violation (65)
        additional info: no structural object class provided

If I then expand this LDIF file to:

dn: dc=example,dc=com,o=myhosting
objectClass: dcObject
dc: example
objectClass: organizationalUnit
ou: My Hosting

I now get this error:
# ldapadd -x -D 'cn=manager,o=myhosting' -W -f myhosting.ldif
adding new entry "dc=example,dc=com,o=myhosting"
ldap_add: No such object (32)
        matched DN: o=myhosting

or alternatively expand it to:

dn: dc=example,dc=com,o=myhosting
objectClass: dcObject
dc: example
objectClass: organization
o: My Hosting

then I still get the same error message.

The question at this point is: What am I doing wrong here?

Now, let us consider setting up my database more like the examples. Thequestions here are:

1: Can I have more than 1 "database bdb" entry, say 1 for each ofseveral disparate domains?

2. If I can have more than 1 "database bdb" entry, can they all co-existin the same directory path "/var/lib/ldap" or do they need separatedirectory paths "/var/lib/ldap/firstdomain", "/var/lib/seconddomain", etc?

3. Do the rootdn's have to match each dc= for its suffix or can it bequite different, and can I have a common rootdn for all domains?

4. I understand that multiple "database bdb" entries are permissible andapparently multiple suffix entries are permissible. Aremultiple/multiples permissible?

5. If multiple suffixes are permissible under any "database bdb" entry,then how is the following considered:

suffix "dc=example,dc=com"
suffix "dc=sitea"
suffix "dc=siteb"
Is the third line a subset of the second or of the first?


That'll do for now.  TIA.



--
Howard.
LANNet Computing Associates - Your Linux people <http://lannet.com.au>
--
When you just want a system that works, you choose Linux;
When you want a system that just works, you choose Microsoft.
--
Flatter government, not fatter government;
Get rid of the Australian states.

Follow-Ups:
- Re: [SLUG] LDAP config help sought (long post)
  - From: Matt Hope
- Re: [SLUG] LDAP config help sought (long post)
  - From: O Plameras
- Re: [SLUG] LDAP config help sought (long post)
  - From: Angus Lees
- Re: [SLUG] LDAP config help sought (long post)
  - From: Jeff Waugh

Messages sorted by: [ date | thread ]
Prev by Date: [SLUG] How to start a business - free seminar 21st July (Sydney)
Next by Date: [SLUG] How do I enable structured comments in dvips
Previous by thread: [SLUG] How to start a business - free seminar 21st July (Sydney)
Next by thread: Re: [SLUG] LDAP config help sought (long post)