On Mon, 2012-09-24 at 13:40 -0400, Chuck Lever wrote:
> Hi-
> 
> On Aug 27, 2012, at 5:28 AM, Ian Kent wrote:
> 
> > +Setup an NSDB (NameSpace DataBase)
> > +==================================
> > +
> > +1. Set parameters for NSDB connections:
> > +   # nsdbparams(8) is used to set NSDB connection parameters
> > +   nsdbparams update -e "dc=fedfs,dc=org" \
> > +                     -D "cn=Manager,dc=fedfs,dc=org" \
> > +                     zeus.fedfs.org
> > +
> > +2. Setup an OpenLDAP instance for fedfs.org:
> > +   service slapd stop
> > +or
> > +   systemctl stop slapd.service
> > +
> > +Create /etc/openldap/slapd.conf as:
> > +        include         /etc/openldap/schema/core.schema
> > +        include         /etc/openldap/schema/cosine.schema
> > +        include         /etc/openldap/schema/inetorgperson.schema
> > +        include         /etc/openldap/schema/nis.schema
> > +   # Get this from the FedFS distribution
> > +        include         /etc/openldap/schema/fedfs.schema
> > +
> > +        pidfile         /var/run/openldap/slapd.pid
> > +        argsfile        /var/run/openldap/slapd.args
> > +
> > +        database        bdb
> > +        suffix          "dc=fedfs,dc=org"
> > +        rootdn          "cn=Manager,dc=fedfs,dc=org"
> > +        rootpw          secret
> > +        directory       /var/lib/ldap
> > +
> > +        index objectClass                       eq,pres
> > +        index ou,cn,mail,surname,givenname      eq,pres,sub
> > +        index uidNumber,gidNumber,loginShell    eq,pres
> > +        index uid,memberUid                     eq,pres,sub
> > +        index nisMapName,nisMapEntry            eq,pres,sub
> > +
> > +Create fedfs.org-naming-context.ldif as:
> > +   dn: dc=fedfs,dc=org
> > +   objectClass: domain
> > +   dc: fedfs
> > +   description: naming context
> > +
> > +Create an OpenLDAP instance for fedfs.org:
> > +   # Ensure that /etc/openldap/ldap.conf is setup to use fedfs.org
> > +   # by commenting out any other URI and BASE directives and then
> > +   # add definitions to the end of the configuration.
> > +   echo "URI ldap://zeus.fedfs.org/"; >> /etc/openldap/ldap.conf
> > +   echo "BASE dc=fedfs,dc=org" >> /etc/openldap/ldap.conf
> > +
> > +   # Setup OpenLDAP for fedfs.org
> > +   cd /etc/openldap
> > +   restorecon -v slapd.conf
> > +
> > +   rm -f /var/lib/ldap/*
> > +   # supress warnings that this file does not exist
> > +   touch /var/lib/ldap/DB_CONFIG
> > +
> > +   rm -rf slapd.d
> > +   slaptest -F slapd.d -f slapd.conf
> > +   # I think this will restore the correct ownership
> > +   # of the configuration directory tree but it may
> > +   # be necessary to chmod -R ldap.ldap slapd.d also.
> > +   restorecon -R -v slapd.d
> > +
> > +   slapadd -l fedfs.org-naming-context.ldif
> > +   chown ldap.ldap /var/lib/ldap/*
> > +   restorecon -v /var/lib/ldap/*
> > +
> > +   service slapd start
> > +or
> > +   systemctl start slapd.service
> > +
> > +4. Add NCI (NSDB Container information) attributes to the
> > +   naming context LDAP entry:
> > +   nsdb-update-nci -l zeus.fedfs.org \
> > +           -D "cn=Manager,dc=fedfs,dc=org" \
> > +           -e "dc=fedfs,dc=org"
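Review bot: `rootpw secret` in the slapd.conf block stores the Manager password in cleartext, and the later `slaptest -F slapd.d -f slapd.conf` copies it into slapd.d; run `slappasswd -h {SSHA}` and paste the `{SSHA}...` output as the rootpw value instead. Two lines in the same block do not do what their comments say: `echo "URI ldap://zeus.fedfs.org/"; >> /etc/openldap/ldap.conf` has a stray `;` before the redirection, so the echo goes to the terminal and `>> /etc/openldap/ldap.conf` runs as an empty command (the URI line is never appended; drop the `;`), and the comment `chmod -R ldap.ldap slapd.d` should read `chown -R ldap:ldap slapd.d`, since chmod takes a mode, not an owner. Smaller points: the steps run 1, 2, 4 with no 3; `rm -f /var/lib/ldap/*` silently destroys any existing directory data and deserves a warning; "supress" should be "suppress"; and with ldap.conf pointed at plain `ldap://zeus.fedfs.org/`, a simple bind as cn=Manager sends that password over the network unencrypted, so `ldaps://`, StartTLS (`-ZZ` on the ldap* tools) or `ldapi://` on the host itself should be preferred.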
> 
> I'm new to OpenLDAP, but you have inspired me to try it out as an NSDB.
> I used your instructions.
> 
> It looks like OpenLDAP is in the middle of a major conversion from the
> old-school slapd.conf way of configuration to a new "OnLine Config"
> thingie.  I think our instructions and tools should take advantage of
> the new method.

Yep, and it has been for quite a while.

> 
> We can build some simple tools that operate against a generic OpenLDAP
> install:
> 
> 1.  Add the FedFS schema via an ldapmodify command

I think I also had an example of that in one of the two things I wrote.

> 
> 2.  Set up either an "o=fedfs" suffix and database, or add an
> "ou=fedfs" domain entry

Yeah, if you want to define a new suffix and database for an example
LDAP database I found it less problematic to blow away the existing
database and recreate the directory based configuration from a
slapd.conf. You can use ldapadd (offline add) or ldapmodify (online add)
to make changes as you wish.

Adding an additional domain to an existing tree with ldapmodify should
work fine too.

> 
> 3.  We already have the nsdb-update-nci tool that can take it from
> there

Yep.

> 
> That might make all of this a lot easier.  1. and 2. would reside under
> the contrib/ directory in the fedfs-utils source tree.

Yep, it would be good to capture this in the source tree.

> 
> What do you think?

It all sounds good to me.
I've got a bit of work on for a while now so the FedFS documentation
task hasn't reached the top of the push down task stack quite yet.

Ian



_______________________________________________
fedfs-utils-devel mailing list
[email protected]
https://oss.oracle.com/mailman/listinfo/fedfs-utils-devel
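An added example of the cn=config ("OnLine Config") route proposed in the reply above and endorsed by Ian, written for this page and not taken from fedfs-utils or from the thread. It builds, offline, the LDIF that steps 1 and 2 of that list would feed to ldapadd: a schema entry under cn=schema,cn=config converted from slapd.conf-style `attributetype`/`objectclass` syntax, and a database entry whose root password is an {SSHA} hash rather than the cleartext `rootpw secret` of the quoted slapd.conf; it also flags cleartext rootpw values in existing config. The schema snippet, the OID arc 1.3.6.1.4.1.99999 and all function names are assumptions made for illustration; the real attribute and object class definitions come from fedfs.schema in the FedFS distribution.

```python
"""cn=config ("OnLine Config") LDIF generation for an OpenLDAP NSDB.

Added example for this thread, not fedfs-utils code. Converts a slapd.conf-style
schema file into an entry under cn=schema,cn=config, builds a database entry whose
olcRootPW is an {SSHA} hash instead of cleartext, and flags cleartext rootpw values.
SAMPLE_SCHEMA is constructed; the 1.3.6.1.4.1.99999 OID arc is a placeholder.
"""
import base64
import hashlib
import os
import re

# Constructed stand-in for a schema fragment (not the real fedfs.schema).
SAMPLE_SCHEMA = """\
# comments and blank lines are ignored
attributetype ( 1.3.6.1.4.1.99999.1.1 NAME 'exampleAttr'
    DESC 'placeholder attribute'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

objectclass ( 1.3.6.1.4.1.99999.2.1 NAME 'exampleClass'
    DESC 'placeholder object class'
    SUP top AUXILIARY
    MAY ( exampleAttr ) )
"""

_OLC_ATTR = {"attributetype": "olcAttributeTypes", "objectclass": "olcObjectClasses"}
_KEYWORD = re.compile(r"^\s*(attributetype|objectclass)\b", re.I | re.M)


def parse_schema(text):
    """Return [(olc attribute, one-line definition), ...] from slapd.conf schema syntax.
    A definition is a parenthesised block that may span lines; parentheses inside
    single-quoted strings (DESC 'a (b)') do not count toward nesting."""
    body = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    defs, end = [], 0
    for m in _KEYWORD.finditer(body):
        if m.start() < end:  # keyword text that sits inside an earlier definition
            continue
        start = body.index("(", m.end())
        depth, quoted, i = 0, False, start
        while i < len(body):
            ch = body[i]
            if ch == "'":
                quoted = not quoted
            elif not quoted and ch == "(":
                depth += 1
            elif not quoted and ch == ")":
                depth -= 1
                if depth == 0:
                    break
            i += 1
        else:
            raise ValueError("unterminated definition at offset %d" % start)
        end = i + 1
        # Collapse newlines and indentation so the value fits on one LDIF line.
        defs.append((_OLC_ATTR[m.group(1).lower()], " ".join(body[start:end].split())))
    return defs


def schema_to_config_ldif(name, schema_text):
    """LDIF adding the schema as cn=<name>,cn=schema,cn=config; attribute types
    are emitted first so the object classes that reference them resolve."""
    parsed = parse_schema(schema_text)
    lines = [f"dn: cn={name},cn=schema,cn=config", "objectClass: olcSchemaConfig", f"cn: {name}"]
    lines += [f"{a}: {d}" for a, d in parsed if a == "olcAttributeTypes"]
    lines += [f"{a}: {d}" for a, d in parsed if a == "olcObjectClasses"]
    return "\n".join(lines) + "\n"


def ssha_hash(password, salt=None):
    """OpenLDAP {SSHA}: base64(sha1(password + salt) + salt), 4-byte salt as slappasswd uses."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def ssha_verify(password, stored):
    """Check a password against an {SSHA} value; the salt is whatever follows the 20-byte digest."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    return hashlib.sha1(password.encode() + raw[20:]).digest() == raw[:20]


def database_ldif(suffix, rootdn, rootpw_hash, directory, backend="mdb"):
    """LDIF adding a database for `suffix`; slapd assigns the {n} ordinal itself.
    Assumes the backend module is loaded and `directory` exists, owned by the slapd user."""
    if not rootpw_hash.startswith("{"):
        raise ValueError("olcRootPW must be a {SCHEME} hash, not cleartext")
    return "\n".join([
        f"dn: olcDatabase={backend},cn=config",
        "objectClass: olcDatabaseConfig",
        f"objectClass: olc{backend.capitalize()}Config",  # olcMdbConfig / olcBdbConfig
        f"olcDatabase: {backend}",
        f"olcSuffix: {suffix}",
        f"olcRootDN: {rootdn}",
        f"olcRootPW: {rootpw_hash}",
        f"olcDbDirectory: {directory}",
        "olcDbIndex: objectClass eq,pres",
    ]) + "\n"


def cleartext_rootpw(config_text):
    """Lines whose rootpw (slapd.conf) or olcRootPW (LDIF) value is not a {SCHEME} hash."""
    hits = []
    for line in config_text.splitlines():
        m = re.match(r"\s*(?:rootpw|olcRootPW(::?))\s+(\S+)", line, re.I)
        if not m:
            continue
        value = m.group(2)
        if m.group(1) == "::":  # base64-encoded LDIF value
            value = base64.b64decode(value).decode(errors="replace")
        if not value.startswith("{"):
            hits.append(line.strip())
    return hits
```

`schema_to_config_ldif("fedfs", open("fedfs.schema").read())` and `database_ldif("dc=fedfs,dc=org", "cn=Manager,dc=fedfs,dc=org", ssha_hash("secret"), "/var/lib/ldap")` produce the two files; they are normally applied as root on the directory host with `ldapadd -Y EXTERNAL -H ldapi:/// -f file.ldif`, which authenticates over the local socket instead of sending the Manager password over plain ldap://. {SSHA} is what slappasswd emits by default and is what the cn=config entry expects in olcRootPW; `cleartext_rootpw` run over an existing slapd.conf or a cn=config dump catches the `rootpw secret` pattern before it is migrated.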