Howard Lowndes wrote:
I'm trying to get somewhere with setting up an LDAP database.
The problem I am encountering is that all the examples that I can find
assume that the top level has a dn: of the form dc=example,dc=com such
that slapd.conf looks like:
...
database bdb
suffix "dc=example,dc=com"
rootdn "cn=manager,dc=example,dc=com"
rootpw secret
directory /var/lib/ldap
...
and the top level LDIF file looks like:
...
dn: dc=example,dc=com
objectClass: dcObject
dc: example
objectClass: organization
o: Example Company
...
My problem is that I want a different top level, and I want my
slapd.conf file to look like:
...
database bdb
suffix "o=myhosting"
rootdn "cn=manager,o=myhosting"
rootpw secret
directory /var/lib/ldap
...
and the top level LDIF file looks like:
dn: o=myhosting
objectClass: organisation
o: My Hosting
Thus far my layout works just fine, but when I come to add dcObjects I
start to run into problems. An LDIF of:
dn: dc=example,dc=com,o=myhosting
objectClass: dcObject
dc: example
returns the following error:
# ldapadd -x -D 'cn=manager,o=myhosting' -W -f myhosting.ldif
adding new entry "dc=example,dc=com,o=myhosting"
ldap_add: Object class violation (65)
additional info: no structural object class provided
If I then expand this LDIF file to:
dn: dc=example,dc=com,o=myhosting
objectClass: dcObject
dc: example
objectClass: organizationalUnit
ou: My Hosting

Perhaps you want this ldif:
dn: dc=example,dc=com,o=myhosting
objectClass: dcObject
objectClass: organization
o: My Hosting
dc: example
Then, you may create 'ou's after that.

I now get this error:
# ldapadd -x -D 'cn=manager,o=myhosting' -W -f myhosting.ldif
adding new entry "dc=example,dc=com,o=myhosting"
ldap_add: No such object (32)
matched DN: o=myhosting
or alternatively expand it to:
dn: dc=example,dc=com,o=myhosting
objectClass: dcObject
dc: example
objectClass: organization
o: My Hosting
then I still get the same error message.
The question at this point is: What am I doing wrong here?
Now, let us consider setting up my database more like the examples.
The questions here are:
1: Can I have more than 1 "database bdb" entry, say 1 for each of
several disparate domains?
2. If I can have more than 1 "database bdb" entry, can they all
co-exist in the same directory path "/var/lib/ldap" or do they need
separate directory paths "/var/lib/ldap/firstdomain",
"/var/lib/seconddomain", etc?
3. Do the rootdn's have to match each dc= for its suffix or can it be
quite different, and can I have a common rootdn for all domains?
4. I understand that multiple "database bdb" entries are permissible
and apparently multiple suffix entries are permissible. Are
multiple/multiples permissible?
5. If multiple suffixes are permissible under any "database bdb"
entry, then how is the following considered:
suffix "dc=example,dc=com"
suffix "dc=sitea"
suffix "dc=siteb"
Is the third line a subset of the second or of the first?
That'll do for now. TIA.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
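
An added example, not part of the original thread or of OpenLDAP: a small Python pre-check that reproduces the two result codes quoted above. dcObject is an auxiliary class, so an entry carrying only it draws error 65, and an entry whose parent (here dc=com,o=myhosting) does not exist draws error 32 with the deepest existing ancestor as the matched DN. The function names, the class table and the dc=com sample entry are assumptions made for illustration.

```python
# Added example: predicts the two ldapadd failures seen in this thread.
# Simplified: DNs are split on ',' (no escaped commas) and the structural
# class table is a hand-picked subset of the standard core schema.
STRUCTURAL = {"organization", "organizationalunit"}  # dcObject is auxiliary

# Constructed input: the thread's entry preceded by the missing dc=com parent.
FIXED = """dn: dc=com,o=myhosting
objectClass: dcObject
objectClass: organization
o: com
dc: com

dn: dc=example,dc=com,o=myhosting
objectClass: dcObject
objectClass: organization
o: My Hosting
dc: example"""


def parse_ldif(text):
    """Return [(lower-cased dn, [objectClass values])] from LDIF text."""
    entries = []
    for block in text.strip().split("\n\n"):
        pairs = [line.partition(":")[::2] for line in block.splitlines()]
        attrs = [(k.strip().lower(), v.strip().lower()) for k, v in pairs]
        dn = ",".join(p.strip() for p in dict(attrs)["dn"].split(","))
        entries.append((dn, [v for k, v in attrs if k == "objectclass"]))
    return entries


def check(ldif, existing):
    """Predict (dn, result code, detail) per entry, added in file order.

    `existing` is a set of lower-cased DNs already in the directory.
    """
    present, results = set(existing), []
    for dn, classes in parse_ldif(ldif):
        parent = dn.partition(",")[2]
        if not STRUCTURAL.intersection(classes):
            results.append((dn, 65, "no structural object class provided"))
        elif parent not in present:
            matched = parent  # walk up to the deepest ancestor that exists
            while matched and matched not in present:
                matched = matched.partition(",")[2]
            results.append((dn, 32, "matched DN: " + matched))
        else:
            present.add(dn)
            results.append((dn, 0, "ok"))
    return results
```

Calling `check(FIXED, {"o=myhosting"})` reports both entries as addable, while passing only the second entry reproduces the error 32 shown in the thread.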