Rodolfo Alcazar Portillo wrote:
> My own fedora-ldap-almost-howto, hope it is useful to you; if you
> improve it, please return it to the list, thanks. My job's domain is
> padep.org.bo, change it to yours as appropriate, and so with the rest. The
> evolution part is up to you, but it is very easy:
> - Install w/yum:
> # yum install php-ldap openldap openldap-clients openldap-servers
> - Configure to get these files:
> # cat /etc/ldap.conf |grep "^base"
> base dc=padep,dc=org,dc=bo
> # slappasswd
> New password: blahblah
> Re-enter new password: blahblah
> {SSHA}g5/QcoAmy54qGOsks04cyXda3PVa2Jxg
> # cat /etc/openldap/slapd.conf | grep "^suffix\|^root"
> suffix "dc=padep,dc=org,dc=bo"
> rootdn "cn=admin,dc=padep,dc=org,dc=bo"
> rootpw {SSHA}g5/QcoAmy54qGOsks04cyXda3PVa2Jxg
The trouble with this, in my eyes,
is that you have given no explanation of why you make the choices you do
in creating your conf files.
This is in fact what I find off-putting in almost all ldap documentation.
Why for example do you say
suffix "dc=padep,dc=org,dc=bo"
Could you equally well have said
suffix "dc=padep.org.bo"
?
[And what does "suffix" mean, anyway?]
Must your choice be the address of your LDAP server?
Incidentally, do you actually need ldap.conf ?
Half the documents I have looked at only consider slapd.conf.
In any case there should be some explanation
of the purposes of these 2 different conf files.
As far as I can make out -
and if I am right I am completely baffled why no LDAP tutorial
explains this clearly -
the entries in an LDAP directory are represented by nodes on a tree,
and the rather bizarre entries like the above
are strange ways of specifying these nodes, eg
bo->org->padep in your case, with bo at the root.
> # service ldap start
> Checking configuration files for slapd: bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/ldap: (2)
> Expect poor performance for suffix dc=padep,dc=org,dc=bo.
> config file testing succeeded
Don't you think this warning calls for at least some explanation
on your part?
I would think twice before running software if I had been told
that something is missing.
> - Create a basic .ldif file:
> # cat /etc/openldap/padep.ldif
> dn: dc=padep,dc=org,dc=bo
> objectclass: dcObject
> objectclass: organization
> o: Example Company
> dc: padep
>
> dn: cn=admin,dc=padep,dc=org,dc=bo
> objectclass: organizationalRole
> cn: admin
Surely this kind of gobbledygook calls for some explanation?
What does it mean when you say
objectclass: dcObject
objectclass: organization
?
As far as I can see, it means that the entry in question
will have the attributes specified (where?)
in the definitions of dcObject and organization,
i.e. the type of the entry is the union of the objectClasses given.
Is that correct?
Again, if it is then I am completely baffled
that none of the tutorials mention what seems to me
essential to an understanding of the file in question.
In my case, I'm still pondering the choice between LDAP and vCard
for a LAN-wide address-book.
vCard has the great advantage in my eyes
that the format is clearly defined, with an XML DTD definition if desired.
From a practical point of view, it also seems to be the format used
in mobile phones, which is quite significant.
The disadvantage of vCard, as far as I can see,
is that one would have to keep a copy on each machine.
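Added example (editor's note, not from either poster): the questions above about what a suffix is, how a DN maps onto a tree, and what listing several objectClasses means can be checked mechanically. The script below reads a constructed copy of the padep.ldif quoted in the thread, splits each DN into its RDNs to give the root-to-leaf path (bo -> org -> padep -> admin), verifies that every entry sits under the configured suffix, and computes the attributes an entry must carry as the union of its objectClasses' MUST lists. The MUST table is a hand-copied subset of the standard core schema (dcObject requires dc, organization requires o, organizationalRole requires cn); a real slapd reads the full schema from its schema files, and this parser deliberately ignores LDIF continuation lines, base64 values and escaped commas.

```python
"""Added example, not part of the mailing-list thread.

Parses a small LDIF, turns DNs into tree paths, checks entries against a
suffix, and derives required attributes from the union of objectClasses.
"""
import re

# The suffix from the how-to: the DN of the top entry of this naming context.
SUFFIX = "dc=padep,dc=org,dc=bo"

# Hand-copied subset of the standard core schema: objectClass -> MUST attributes.
# slapd itself loads this from the schema files included in slapd.conf.
MUST = {
    "top": {"objectclass"},
    "dcobject": {"dc"},            # AUXILIARY class from RFC 2247 / RFC 4519
    "organization": {"o"},         # STRUCTURAL
    "organizationalrole": {"cn"},  # STRUCTURAL
}

# Constructed copy of /etc/openldap/padep.ldif from the how-to, with the blank
# line LDIF requires between entries.
SAMPLE_LDIF = """\
dn: dc=padep,dc=org,dc=bo
objectclass: dcObject
objectclass: organization
o: Example Company
dc: padep

dn: cn=admin,dc=padep,dc=org,dc=bo
objectclass: organizationalRole
cn: admin
"""


def parse_dn(dn):
    """Split a DN into (attribute, value) RDNs, most specific first.
    Simple case only: commas escaped as '\\,' are not split, nothing else
    in RFC 4514 escaping is handled."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns


def tree_path(dn):
    """Root-to-entry path of RDN values, so 'dc=padep,dc=org,dc=bo'
    becomes ['bo', 'org', 'padep']; note that 'dc=padep.org.bo' is a
    single RDN and therefore a single node."""
    return [value for _, value in reversed(parse_dn(dn))]


def under_suffix(dn, suffix=SUFFIX):
    """True if dn is the suffix entry itself or lies below it in the tree
    (i.e. the suffix's RDNs are the trailing RDNs of dn)."""
    want = parse_dn(suffix)
    have = parse_dn(dn)
    return len(have) >= len(want) and have[-len(want):] == want


def parse_ldif(text):
    """Minimal LDIF reader: entries separated by blank lines, one
    'attribute: value' per line, attribute names lower-cased, values kept
    as lists so multi-valued attributes such as objectclass survive."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries


def missing_must(entry):
    """Attributes required by the union of the entry's objectClasses
    that the entry does not supply."""
    required = set()
    for oc in entry.get("objectclass", []):
        required |= MUST.get(oc.lower(), set())
    return sorted(required - set(entry))


def check(text, suffix=SUFFIX):
    """Return (dn, problem) pairs for entries outside the suffix or missing
    a MUST attribute; an empty list means slapadd would be happy so far."""
    problems = []
    for entry in parse_ldif(text):
        dn = entry["dn"][0]
        if not under_suffix(dn, suffix):
            problems.append((dn, "outside suffix " + suffix))
        for attr in missing_must(entry):
            problems.append((dn, "missing required attribute " + attr))
    return problems


if __name__ == "__main__":
    for entry in parse_ldif(SAMPLE_LDIF):
        print(" -> ".join(tree_path(entry["dn"][0])))
    print("problems:", check(SAMPLE_LDIF))
```

Running it prints the two tree paths and an empty problem list; feeding it an entry whose DN ends in dc=example,dc=com, or an organization entry without an o attribute, reports the corresponding problem instead, which is the same complaint slapadd or an ldapadd against the running server would make.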