Rodolfo Alcazar Portillo wrote:

> My own fedora-ldap-almost-howto, hope it is useful to you, if you
> improve it, please return it to the list, thnx. My job's domain is
> padep.org.bo, change yours as appropriate, and so with the rest. The
> evolution part is up to you, but is very easy:
>
> - Install w/yum:
>
> # yum install php-ldap openldap openldap-clients openldap-servers
>
> - Configure to get these files:
>
> # cat /etc/ldap.conf |grep "^base"
>
> base dc=padep,dc=org,dc=bo
>
> # slappasswd
> New password: blahblah
> Re-enter new password: blahblah
> {SSHA}g5/QcoAmy54qGOsks04cyXda3PVa2Jxg
>
> # cat /etc/openldap/slapd.conf | grep "^suffix\|^root"
> suffix "dc=padep,dc=org,dc=bo"
> rootdn "cn=admin,dc=padep,dc=org,dc=bo"
> rootpw {SSHA}g5/QcoAmy54qGOsks04cyXda3PVa2Jxg

The trouble with this, in my eyes,
is that you have given no explanation
of why you make the choices you do in creating your conf files.
This is in fact what I find off-putting in almost all ldap documentation.

Why for example do you say
    suffix "dc=padep,dc=org,dc=bo"
Could you equally well have said
    suffix "dc=padep.org.bo" ?
[And what does "suffix" mean, anyway?]
Must your choice be the address of your LDAP server?

Incidentally, do you actually need ldap.conf ?
Half the documents I have looked at only consider slapd.conf .
In any case there should be some explanation
of the purposes of these 2 different conf files.

As far as I can make out -
and if I am right I am completely baffled
why no LDAP tutorial explains this clearly -
the entries in an LDAP directory are represented by nodes on a tree,
and the rather bizarre entries like the above
are strange ways of specifying these nodes,
eg bo->org->padep in your case, with bo at the root.

> # service ldap start
> Checking configuration files for slapd: bdb_db_open: Warning - No
> DB_CONFIG file found in directory /var/lib/ldap: (2)
> Expect poor performance for suffix dc=padep,dc=org,dc=bo.
> config file testing succeeded

Don't you think this warning calls for at least some explanation
on your part?
I would think twice before running software
if I had been told that something is missing.

> - Create a basic .ldif file:
> # cat /etc/openldap/padep.ldif
> dn: dc=padep,dc=org,dc=bo
> objectclass: dcObject
> objectclass: organization
> o: Example Company
> dc: padep
>
> dn: cn=admin,dc=padep,dc=org,dc=bo
> objectclass: organizationalRole
> cn: admin

Surely this kind of gobbledygook calls for some explanation?
What does it mean when you say
    objectclass: dcObject
    objectclass: organization
?
As far as I can see, it means that the entry in question
will have the attributes specified (where?)
in the definitions of dcObject and organization,
ie the type of the entry is the union of the objectclasses given.
Is that correct?
Again, if it is then I am completely baffled
that none of the tutorials mention what seems to me
essential to an understanding of the file in question.

In my case, I'm still pondering the choice between LDAP and vCard
for a LAN-wide address-book.
vCard has the great advantage in my eyes
that the format is clearly defined,
with an XML DTD definition if desired.
From a practical point of view,
it also seems the format used in mobile phones,
which is quite significant.
The disadvantage of vCard, as far as I can see,
is that one would have to keep a copy on each machine.

-- 
Timothy Murphy
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
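
An added example, not part of the original message or the quoted howto: a small Python check of the LDIF discussed above that splits each DN into its path from the root of the tree, tests whether it sits under the configured suffix, and verifies that each entry carries the required (MUST) attributes of the union of its objectclasses. The MUST sets are those given in RFC 4519 and RFC 2247 for the three classes used; the function names are hypothetical, and parsing is simplified (no escaped commas, base64 values or folded lines).

```python
# MUST attributes for the object classes used in the howto (RFC 4519, RFC 2247).
MUST = {
    "dcobject": {"dc"},
    "organization": {"o"},
    "organizationalrole": {"cn"},
}

# The two entries from the quoted howto, separated by a blank line as LDIF requires.
LDIF = """\
dn: dc=padep,dc=org,dc=bo
objectclass: dcObject
objectclass: organization
o: Example Company
dc: padep

dn: cn=admin,dc=padep,dc=org,dc=bo
objectclass: organizationalRole
cn: admin
"""

def parse_ldif(text):
    """Return one dict per entry: lowercased attribute name -> list of values."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def dn_path(dn):
    """Split a DN into its RDNs, root of the tree first (assumes no escaped commas)."""
    return [rdn.strip().lower() for rdn in reversed(dn.split(","))]

def under_suffix(dn, suffix):
    """True if the entry's path from the root starts with the suffix's path."""
    path, base = dn_path(dn), dn_path(suffix)
    return path[:len(base)] == base

def missing_attrs(entry):
    """Required attributes of the union of the entry's objectclasses that are absent."""
    required = set()
    for oc in entry.get("objectclass", []):
        required |= MUST.get(oc.lower(), set())
    return sorted(required - set(entry))

if __name__ == "__main__":
    for e in parse_ldif(LDIF):
        dn = e["dn"][0]
        print(" -> ".join(dn_path(dn)), "| under suffix:",
              under_suffix(dn, "dc=padep,dc=org,dc=bo"), "| missing:", missing_attrs(e))
```

With this reading, `suffix "dc=padep.org.bo"` names a single node whose `dc` value contains dots, so neither entry in the LDIF would fall under it.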