Tugger the SLUGger! SLUG Mailing List Archives

Re: [SLUG] LDAP config help sought (long post)


Howard Lowndes wrote:

I'm trying to get somewhere with setting up an LDAP database.

The problem I am encountering is that all the examples that I can find assume that the top level has a dn: of the form dc=example,dc=com such that slapd.conf looks like:
...
database bdb
suffix "dc=example,dc=com"
rootdn "cn=manager,dc=example,dc=com"
rootpw secret
directory /var/lib/ldap
...

and the top level LDIF file looks like:
...
dn: dc=example,dc=com
objectClass: dcObject
dc: example
objectClass: organization
o: Example Company
...

My problem is that I want a different top level, and I want my slapd.conf file to look like:
...
database bdb
suffix "o=myhosting"
rootdn "cn=manager,o=myhosting"
rootpw secret
directory /var/lib/ldap
...

and the top level LDIF file looks like:

dn: o=myhosting
objectClass: organization
o: My Hosting

Thus far my layout works just fine, but when I come to add dcObjects I start to run into problems. An LDIF of:

dn: dc=example,dc=com,o=myhosting
objectClass: dcObject
dc: example

returns the following error:
# ldapadd -x -D 'cn=manager,o=myhosting' -W -f myhosting.ldif
adding new entry "dc=example,dc=com,o=myhosting"
ldap_add: Object class violation (65)
        additional info: no structural object class provided

If I then expand this LDIF file to:

dn: dc=example,dc=com,o=myhosting
objectClass: dcObject
dc: example
objectClass: organizationalUnit
ou: My Hosting


Perhaps you want this ldif:

dn: dc=example,dc=com,o=myhosting
objectClass: dcObject
objectClass: organization
o: My Hosting
dc: example

Then, you may create 'ou's after that.


I now get this error:
# ldapadd -x -D 'cn=manager,o=myhosting' -W -f myhosting.ldif
adding new entry "dc=example,dc=com,o=myhosting"
ldap_add: No such object (32)
        matched DN: o=myhosting

or alternatively expand it to:

dn: dc=example,dc=com,o=myhosting
objectClass: dcObject
dc: example
objectClass: organization
o: My Hosting

then I still get the same error message.

The question at this point is: What am I doing wrong here?


Now, let us consider setting up my database more like the examples. The questions here are:

1: Can I have more than 1 "database bdb" entry, say 1 for each of several disparate domains?

2. If I can have more than 1 "database bdb" entry, can they all co-exist in the same directory path "/var/lib/ldap" or do they need separate directory paths "/var/lib/ldap/firstdomain", "/var/lib/seconddomain", etc?

3. Do the rootdn's have to match each dc= for its suffix or can it be quite different, and can I have a common rootdn for all domains?

4. I understand that multiple "database bdb" entries are permissible and apparently multiple suffix entries are permissible. Are multiple/multiples permissible?

5. If multiple suffixes are permissible under any "database bdb" entry, then how is the following considered:
suffix "dc=example,dc=com"
suffix "dc=sitea"
suffix "dc=siteb"
Is the third line a subset of the second or of the first?


That'll do for now.  TIA.
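As an added example (not from either poster), a small Python checker that reproduces both slapd refusals from the thread offline: the first entry is rejected because dcObject is an AUXILIARY class and every entry needs a STRUCTURAL one, and the expanded entry is rejected with error 32 because its parent dc=com,o=myhosting was never added, which is why slapd reports o=myhosting as the matched DN. The SCHEMA table and the LDIF input are constructed for this example.

```python
# Added example (not from the thread); SCHEMA is a constructed subset of OpenLDAP's core schema.
SCHEMA = {"organization": "STRUCTURAL", "organizationalunit": "STRUCTURAL", "dcobject": "AUXILIARY"}
def parent_dn(dn): return dn.partition(",")[2].strip()   # drop the leading RDN (no escaped commas)
def parse_ldif(text):
    """Minimal LDIF parser (no folding, no base64): one dict of attribute lists per entry."""
    def parse_entry(block):
        entry = {}
        for line in filter(str.strip, block.splitlines()):
            name, _, value = line.partition(":")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        return entry
    return [parse_entry(block) for block in text.strip().split("\n\n")]

def check_add(entry, existing):
    # None if accepted, else slapd's refusal. Schema first: dcObject is AUXILIARY, so alone it fails
    if not any(SCHEMA.get(c.lower()) == "STRUCTURAL" for c in entry.get("objectclass", [])):
        return "Object class violation (65): no structural object class provided"
    known = {dn.lower() for dn in existing}
    parent = matched = parent_dn(entry["dn"][0])     # '' when the entry is a suffix itself
    while matched and matched.lower() not in known:  # climb to the nearest existing ancestor
        matched = parent_dn(matched)
    if matched != parent:                            # parent missing: slapd names that ancestor
        return f"No such object (32): matched DN: {matched}"
    return None

def add_all(text, existing=("o=myhosting",)):
    # Add entries in order, growing the tree on success; returns (dn, error) pairs
    tree, out = list(existing), []
    for entry in parse_ldif(text):
        dn, err = entry["dn"][0], check_add(entry, tree)
        if err is None:
            tree.append(dn)
        out.append((dn, err))
    return out

# Constructed input: the thread's first attempt, the missing dc=com parent, then the expanded entry
LDIF = """dn: dc=example,dc=com,o=myhosting
objectClass: dcObject
dc: example

dn: dc=com,o=myhosting
objectClass: dcObject
objectClass: organization
o: com
dc: com

dn: dc=example,dc=com,o=myhosting
objectClass: dcObject
objectClass: organization
o: My Hosting
dc: example"""
```

add_all(LDIF) reports error 65 for the first entry and accepts the other two; calling check_add on the last entry with only o=myhosting present returns error 32 with matched DN o=myhosting, the thread's second error.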