
Re: Proofed slapd.conf + *.ldif example ??



<quote who="Murat Ünalan">
> I checked the "Admin Guide" and failed getting openLDAP version
> 2.0.19 work. Before boring everyone with my explicit problems:
>
> Does anybody have a slapd.conf in combination with an *.ldif file
> for me (which are proofed to be working)?!

you can find mull.schema on the net, search for netscape
roaming with ldap. if you don't need/want roaming, take out
the include for mull.schema and remove the roaming entries
below.

here is one i setup last night, which works for me:

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /usr/local/openldap/etc/openldap/schema/core.schema
include         /usr/local/openldap/etc/openldap/schema/cosine.schema
include         /usr/local/openldap/etc/openldap/schema/nis.schema
include         /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
include         /usr/local/openldap/etc/openldap/schema/misc.schema
include         /usr/local/openldap/etc/openldap/schema/mull.schema

pidfile         /usr/local/openldap/var/slapd.pid
argsfile        /usr/local/openldap/var/slapd.args
loglevel        256
schemacheck     on
#######################################################################
# ldbm database definitions
#######################################################################

database        ldbm
directory       /usr/local/openldap/var/ldap
suffix          "o=linuxpowered,c=us"
rootdn          "cn=admin,o=linuxpowered,c=us"
rootpw  secret
# Indices to maintain
index   cn,sn,uid       pres,eq,sub
index   objectClass     eq
lastmod on

access to *
        by dn="cn=admin,o=linuxpowered,c=us" write
        by self write
        by * read



BASE.LDIF
dn: o=linuxpowered,c=us
objectClass: organization
o: linuxpowered

dn: cn=admin,o=linuxpowered,c=us
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: admin
description: LDAP administrator
userPassword: {MD5}RDRNn4VQY+q2bmOEtzPnVg==

(the password there is 'slapd')

once you add that BASE.LDIF then remove the 'rootpw'
from slapd.conf and restart slapd. from then on use
'slapd' as the password. you can change it later to
something else if you want, i kept it simple for testing
purposes.

then a basic entry for LDIF:

accounts.LDIF:

dn: ou=People,o=linuxpowered,c=us
objectClass: organizationalUnit
ou: People

dn: ou=Roaming,o=linuxpowered,c=us
objectClass: organizationalUnit
ou: Roaming

dn: ou=Group, o=linuxpowered,c=us
objectClass: top
objectClass: organizationalUnit
ou: Group

dn: cn=Jorge Jetson, ou=People, o=linuxpowered, c=us
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: organizationalPerson
objectClass: inetLocalMailRecipient
uid: jorgej
cn: Jorge Jetson
sn: Jetson
givenName: Jorge
title: System Administrator
departmentNumber: Information Technology
userPassword: {MD5}aEaBZG/SVbRccU/UYbzxCg==
telephoneNumber: 000-000-1234
facsimileTelephoneNumber: 000-111-1234
mobile: 000-000-1234
postalAddress: My address
labeledURI: http://portal.aphroland.org
mail: myemailaddress@onmyserver.com
mailLocalAddress: myemail@addressonmyserver.com
mailRoutingAddress: my@routing.emailaddressonmyserver.com
mailHost: portal.aphroland.org
loginShell: /bin/bash
uidNumber: 3001
gidNumber: 3001
homeDirectory: /home/jorgej
gecos: Jorge Jetson
description: System Admin
l: My location

dn: cn=jorgej,ou=Group,o=linuxpowered,c=us
objectClass: posixGroup
objectClass: top
cn: jorgej
gidNumber: 3001

dn: nsLIProfileName=Jorge Jetson,ou=Roaming,o=linuxpowered,c=us
objectClass: top
objectClass: nsLIProfile
nsLIProfileName: jorgej
owner: cn=Jorge Jetson,ou=People,o=linuxpowered,c=us


hope this helps. ldap isn't easy, something that is badly
needed is more examples. it took several hours of trial
and error and research to get the above working to
the point that i have a basic understanding. too much
info on LDAP is generalized, on what kind of information,
more info is needed on how to accomplish specific tasks
using LDAP. I hope to write a page on doing this in the
coming weeks.


nate
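
An added example, not part of the post above: a small audit of the three settings in this config that matter once it leaves a test box, namely the cleartext `rootpw`, the catch-all `by * read` rule that also covers `userPassword`, and the unsalted `{MD5}` password values. The function names are hypothetical, and `CONF` and `LDIF` are constructed excerpts that mirror the post.

```python
import base64, hashlib, os, re

UNSALTED = ("{MD5}", "{SHA}")  # digest-only schemes: equal passwords give equal values

def audit_slapd_conf(text):
    """Flag a cleartext rootpw and a catch-all read rule that covers userPassword."""
    findings, pw_rule = [], False
    for line in re.sub(r"\n[ \t]+", " ", text).splitlines():  # indented lines continue
        tok = line.split()
        if not tok or tok[0].startswith("#"):
            continue
        what = re.split(r"\s+by\s+", line, maxsplit=1)[0].lower()
        if tok[0] == "rootpw" and len(tok) > 1 and not tok[1].startswith("{"):
            findings.append("rootpw is stored in cleartext")
        elif tok[:2] == ["access", "to"] and "userpassword" in what:
            pw_rule = True  # an earlier, more specific rule is matched first
        elif tok[:3] == ["access", "to", "*"] and not pw_rule \
                and re.search(r"\bby\s+\*\s+read\b", line):
            findings.append("'by * read' on '*' exposes userPassword to any client")
    return findings

def audit_ldif(text):
    """Return (dn, scheme) for each userPassword stored with an unsalted scheme."""
    hits, dn = [], None
    for line in text.splitlines():
        if line.lower().startswith("dn:"):
            dn = line[3:].strip()
        m = re.match(r"userPassword(::?)\s*(\S+)", line, re.I)
        if m:  # '::' means the LDIF value itself is base64-wrapped
            val = base64.b64decode(m.group(2)).decode() if m.group(1) == "::" else m.group(2)
            hits += [(dn, s) for s in UNSALTED if val.upper().startswith(s)]
    return hits

def ssha(password, salt=None):
    """Build a salted {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = salt or os.urandom(8)
    return "{SSHA}" + base64.b64encode(hashlib.sha1(password + salt).digest() + salt).decode()

# Constructed excerpts that mirror the slapd.conf and BASE.LDIF in the post.
CONF = '''rootpw  secret
access to *
        by dn="cn=admin,o=linuxpowered,c=us" write
        by self write
        by * read
'''
LDIF = '''dn: cn=admin,o=linuxpowered,c=us
userPassword: {MD5}RDRNn4VQY+q2bmOEtzPnVg==
'''

if __name__ == "__main__":
    print(audit_slapd_conf(CONF), audit_ldif(LDIF), ssha(b"constructed-password"), sep="\n")
```

A config passes the second check once a rule for `userPassword` (for example one ending in `by anonymous auth` and `by * none`) appears before the catch-all `access to *` rule.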