LDAP Howto
Robin Laing
Robin.Laing at drdc-rddc.gc.ca
Thu Jul 5 17:57:09 UTC 2007
Timothy Murphy wrote:
> Rodolfo Alcazar Portillo wrote:
>
>> My own fedora-ldap-almost-howto, hope being useful to you, if you
>> improve it, please return it to the list, thnx. My job's domain is
>> padep.org.bo, change your appropriate, and so with the rest. The
>> evolution part is up to you, but is very easy:
>>
>> - Install w/yum:
>>
>> # yum install php-ldap openldap openldap-clients openldap-servers
>>
>> - Configure to get these files:
>>
>> # cat /etc/ldap.conf |grep "^base"
>>
>> base dc=padep,dc=org,dc=bo
>>
>> # slappasswd
>> New password: blahblah
>> Re-enter new password: blahblah
>> {SSHA}g5/QcoAmy54qGOsks04cyXda3PVa2Jxg
>>
>> # cat /etc/openldap/slapd.conf | grep "^suffix\|^root"
>> suffix "dc=padep,dc=org,dc=bo"
>> rootdn "cn=admin,dc=padep,dc=org,dc=bo"
>> rootpw {SSHA}g5/QcoAmy54qGOsks04cyXda3PVa2Jxg
>
> The trouble with this, in my eyes,
> is that you have given no explanation of why you make the choices you do
> in creating your conf files.
>
> This is in fact what I find off-putting in almost all ldap documentation.
>
> Why for example do you say
> suffix "dc=padep,dc=org,dc=bo"
> Could you equally well have said
> suffix "dc=padep.org.bo"
> ?
> [And what does "suffix" mean, anyway?]
>
> Must your choice be the address of your LDAP server?
>
> Incidentally, do you actually need ldap.conf ?
> Half the documents I have looked at only consider slapd.conf .
>
> In any case there should be some explanation
> of the purposes of these 2 different conf files.
>
> As far as I can make out -
> and if I am right I am completely baffled why no LDAP tutorial
> explains this clearly -
> the entries in an LDAP directory are represented by nodes on a tree,
> and the rather bizarre entries like the above
> are strange ways of specifying these nodes, eg
> bo->org->padep in your case, with bo at the root.
>
>> # service ldap start
>> Checking configuration files for slapd: bdb_db_open: Warning - No
>> DB_CONFIG file found in directory /var/lib/ldap: (2)
>> Expect poor performance for suffix dc=padep,dc=org,dc=bo.
>> config file testing succeeded
>
> Don't you think this warning calls for at least some explanation
> on your part?
> I would think twice before running software if I had been told
> that something is missing.
>
>> - Create a basic .ldif file:
>
>> # cat /etc/openldap/padep.ldif
>> dn: dc=padep,dc=org,dc=bo
>> objectclass: dcObject
>> objectclass: organization
>> o: Example Company
>> dc: padep
>
>> dn: cn=admin,dc=padep,dc=org,dc=bo
>> objectclass: organizationalRole
>> cn: admin
>
> Surely this kind of gobbledygook calls for some explanation?
> What does it mean when you say
> objectclass: dcObject
> objectclass: organization
> ?
> As far as I can see, it means that the entry in question
> will have the attributes specified (where?)
> in the definitions of dcObject and organization,
> ie the type of the entry is the union of the objectclasses given.
>
> Is that correct?
> Again, if it is then I am completely baffled
> that none of the tutorials mention what seems to me
> essential to an understanding of the file in question.
>
>
> In my case, I'm still pondering the choice between LDAP and vCard
> for a LAN-wide address-book.
> vCard has the great advantage in my eyes
> that the format is clearly defined, with an XML DTD definition if desired.
> From a practical point of view, it also seems the format used
> in mobile phones, which is quite significant.
>
> The disadvantage of vCard, as far as I can see,
> is that one would have to keep a copy on each machine.
>
Is this useful?
http://www.zytrax.com/books/ldap/
--
Due to the move to Exchange Server,
anything that is a priority, please phone.
Robin Laing
Instrumentation Technologist Voice: 1.403.544.4762
Military Engineering Section FAX: 1.403.544.4704
Defence R&D Canada - Suffield Email: Robin.Laing at DRDC-RDDC.gc.ca
PO Box 4000, Station Main WWW:http://www.suffield.drdc-rddc.gc.ca
Medicine Hat, AB, T1A 8K6
Canada
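
The suffix, DN and objectclass questions raised in the quoted text, worked through on the LDIF from the thread. This is an added example, not part of any poster's message: the function names are hypothetical, the `MUST` table is a hand-written subset of the standard schema, and the DN splitting is simplified (no escaped commas).

```python
# LDIF copied from the thread. MUST is an assumed, hand-written subset of the
# standard schema (RFC 4519 / RFC 2247), standing in for a real server schema.
LDIF = """\
dn: dc=padep,dc=org,dc=bo
objectclass: dcObject
objectclass: organization
o: Example Company
dc: padep

dn: cn=admin,dc=padep,dc=org,dc=bo
objectclass: organizationalRole
cn: admin
"""
MUST = {"dcobject": {"dc"}, "organization": {"o"}, "organizationalrole": {"cn"}}


def rdns(dn):
    """Split a DN into case-folded RDNs, leaf first (no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",") if part.strip()]


def tree_path(dn):
    """Root-first path through the directory tree."""
    return "/".join(reversed(rdns(dn)))


def under_suffix(dn, suffix):
    """True if dn is the suffix entry itself or lies below it in the tree."""
    d, s = rdns(dn), rdns(suffix)
    return len(d) >= len(s) and d[len(d) - len(s):] == s


def parse_ldif(text):
    """Parse blank-line-separated entries into {attr: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries


def missing_attrs(entry):
    """Required attributes (union over all objectclasses) the entry lacks."""
    required = set()
    for oc in entry.get("objectclass", []):
        required |= MUST.get(oc.lower(), set())
    return required - set(entry)
```

With suffix `dc=padep,dc=org,dc=bo` both entries fall under the suffix; with `dc=padep.org.bo`, which is a single RDN, neither does.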