[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Slapd.conf - how to configure ldap

To: Stéphane Cesbron <stephane.cesbron@nantes.inserm.fr>
Subject: Re: Slapd.conf - how to configure ldap
From: pll+ldap@lanminds.com
Date: Mon, 23 Jun 2003 13:00:02 -0400
Cc: openldap-software@OpenLDAP.org
In-reply-to: Your message of "Mon, 23 Jun 2003 17:52:46 +0200." <5.2.1.1.0.20030623173652.00bbac68@pop.sante.univ-nantes.fr>
References: <5.2.1.1.0.20030623173652.00bbac68@pop.sante.univ-nantes.fr>

In a message dated: Mon, 23 Jun 2003 17:52:46 +0200 Cesbron said:

>What is the difference between this two lines :
>suffix "dc=sante, dc=ux, dc=fr"
>suffix "o=sante, c=fr"
>
>Can I have this two lines in the same slapd.conf file ?
>Must I have the same dc and o ?

One is using 'Domain Component' notation, the other is using 
organizational and geographic notation.  AFAIK, you can only use one 
suffix per database, but check the docs, as I'm not positive about 
this.  Most sites seem to use the Domain Component notation, since 
their Internet domain name is unique in the world.  However, this can 
also be problematic in large organizations where there may well be 
more than one LDAP environment and different groups responsible for 
them.  

Should this be the case, it might make more sense to use the 
geographic notation, though it's often longer.  In my particular 
case, I opted for the geographic, since my division of the company is 
actually geographically dispersed between the U.S. and Europe.

>Can anyone help me to get a correct (basic) slapd.conf using the following
>domain = sante.univ.fr
>organisation = fac

I would do something like:

	suffix "dc=sante,dc=univ,dc=fr"

What is 'fac' supposed to be?

>manager (rootdn) = Manager
>rootpw (define using slappasswd)
>
>if rootpw secretd does this means that manager is stored in the
>database with its password ?

No, the rootpw is actually stored in the slapd.conf file.  It can be 
encrypted or in plaintext.  Encrypted is obviously preferable for a 
site which is concerned about security, but plain text is sometimes 
easier to work with during the development/testing phases of a 
project.

My production environment has the password encrypted, while my test 
environment has the password in plaintext.

I would recommend spending some time with the OpenLDAP documentation 
and reading the various man pages.  There's a lot of good information 
there!

HTH,
-- 

Seeya,
Paul
--
Key fingerprint = 1660 FECC 5D21 D286 F853  E808 BB07 9239 53F1 28EE

	It may look like I'm just sitting here doing nothing,
   but I'm really actively waiting for all my problems to go away.

	 If you're not having fun, you're not doing it right!

References:
- Slapd.conf - how to configure ldap
  - From: Stéphane Cesbron <stephane.cesbron@nantes.inserm.fr>

Prev by Date: Re: error 65 when adding attributes
Next by Date: RE: Installing
Index(es):
- Chronological
- Thread