On Wednesday 09 November 2005 22:27, Krishna Ganugapati wrote: > Hello, > > I have some newbie questions on the slapd.conf and support for multiple > naming contexts/directory partitions > > I want to have two partitions > > 1) dc=marakicorp,dc=com > > 2) cn=subcontainer,dc=marakicorp,dc=com > > Is the following slapd.conf valid > > database bdb > suffix "dc=marakicorp,dc=com" > rootdn "cn=Manager,dc=marakicorp,dc=com" > rootpw secret > directory %LOCALSTATEDIR%/openldap-data > # Indices to maintain > index objectClass eq > > database bdb > suffix "cn=subcontainer,dc=marakicorp,dc=com > rootdn "cn=Manager,dc=marakicorp,dc=com > rootpw secret > directory %LOCALSTATEDIR%/openldap-data > index objectClass eq > > Here are my questions > > 0) Can I use the same type of backend (bdb) for both naming contexts? Yes, but you can't use the same "directory". > I'm assuming that this is valid. Your config isn't, use something like: directory %LOCALSTATEDIR%/openldap-data/marakicorp directory %LOCALSTATEDIR%/openldap-data/subcontainer or directory %LOCALSTATEDIR%/openldap-data directory %LOCALSTATEDIR%/openldap-data/subcontainer (I assume you have actually replaced %LOCALSTATEDIR% with a real path) > 1) The second naming context is rooted at an object that is a "logical" > child of the suffix of the first naming context - is this acceptable to > do? Yes, just place the subordinate database first, and use the "subordinate" option for it. > 2) The rootdn (Manager dn) for both naming contexts is a dn which is > found in the first naming context "cn=Manager,dc=marakicorp,dc=com Well, it shouldn't be the first naming context, but yes, it would be preferable to have the rootdn in the parent (and the rootdn must be the same). > 3) The database location (directory) is the same for both naming > contexts - I'm not particular that the same store be used for both > naming contexts - I'm okay with separate database stores, but would like > to clarify if this is doable. It is not. You'll notice slapd won't start up, since it won't be able to open the same database a 2nd time. > 4) I don't expect the second naming context root object > (cn=Subcontainer,dc=marakicorp,dc=com) be reachable from the first > naming context, but presumably if there is a referral object in the > first naming context that "refers" me to the second naming context, I > would be able to spelunk from the first naming context into the second. If you order them correctly and use the "subordinate" option, the subordinate database should be accessible from the parent. > Could someone clarify if my assumptions here are accurate? Why make assumptions when you can get authoratative answers by reading the documentation? All your questions (except maybe question 0) have answers in the documentation ... For example, see the section on "subordinate" in the slapd.conf man page (which answers questions 1,2,4), and the "directory" section of the slapd-bdb man page (which answers question 3). Regards, Buchan -- Buchan Milne ISP Systems Specialist B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)
Attachment:
pgpV98D4nytPW.pgp
Description: PGP signature