Re: Best way to merge two local DITs vs empty search base suffix
Where is it documented how the conf file slapd.conf file is processed? I've read the documentation, more than once, and still don't know. I suspect this whole 'order thing' is pretty darn important (outside of access config). Seriously, please me at it. Thanks, - chris Chris Jacobs, Systems Administrator Apollo Group | Apollo Marketing | Aptimus 2001 6th Ave Ste 3200 | Seattle, WA 98121 phone: 206.441.9100 x1245 | mobile: 206.601.3256 | fax: 206.441.9661 email: chris.jac...@apollogrp.edu - Original Message - From: openldap-technical-bounces+chris.jacobs=apollogrp@openldap.org openldap-technical-bounces+chris.jacobs=apollogrp@openldap.org To: guy.baconni...@swisscom.com guy.baconni...@swisscom.com; openldap-technical@openldap.org openldap-technical@openldap.org Sent: Sun Jun 13 20:20:07 2010 Subject: Re: Best way to merge two local DITs vs empty search base suffix --On Sunday, June 13, 2010 12:17 PM +0200 guy.baconni...@swisscom.com wrote: Hello, We want to update our old OpenLDAP server from 2.1.x to 2.4.x but the current configuration do not use a regular suffix (o=foo,c=bar nor dc=foo,dc=bar) but use an empty suffix (). We want to move away from empty suffix as we cannot use cn=monitor or any additional suffixes as they can not bind when a suffix is in use in a hdb database : You can do this just fine. I do it in all my installs. You simply need to declare them in the right order. I.e., you must declare monitor, etc before the empty suffix. --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc Zimbra :: the leader in open source messaging and collaboration This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.
Re: Best way to merge two local DITs vs empty search base suffix
--On Monday, June 14, 2010 7:51 AM -0700 Chris Jacobs chris.jac...@apollogrp.edu wrote: Where is it documented how the conf file slapd.conf file is processed? I've read the documentation, more than once, and still don't know. I suspect this whole 'order thing' is pretty darn important (outside of access config). Seriously, please me at it. The slapd configuration is broken up into parts. This is well described in the slapd.conf(5) man page: The slapd.conf file consists of a series of global configuration options that apply to slapd as a whole (including all backends), fol- lowed by zero or more database backend definitions that contain infor- mation specific to a backend instance. The configuration options are case-insensitive; their value, on a case by case basis, may be case- sensitive. The global section is covered in the main slapd.conf/cn=config man pages. It is even clearly titled so as GLOBAL CONFIGURATION OPTIONS in the man page itself. The slapd.conf/cn=config man pages also cover the general database options that apply to all backends (or as otherwise noted in that section). Options specific to a given backend are clearly documented in the man pages for that backend, such as back-hdb, back-bdb, etc. This is also clearly detailed in the slapd.conf/cn=config man pages: DATABASE-SPECIFIC OPTIONS Each database may allow specific configuration options; they are documented separately in the backends' manual pages. See the slapd.backends(5) manual page for an overview of available backends. In any case, it all looks pretty clear to me. --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc Zimbra :: the leader in open source messaging and collaboration
Re: Best way to merge two local DITs vs empty search base suffix
Chris Jacobs wrote: Where is it documented how the conf file slapd.conf file is processed? I've read the documentation, more than once, and still don't know. I suspect this whole 'order thing' is pretty darn important (outside of access config). slapd.conf(5): suffix dn suffix Specify the DN suffix of queries that will be passed to this backend database. Multiple suffix lines can be given and at least one is required for each database definition. If the suffix of one database is inside that of another, the database with the inner suffix must come first in the configuration file. Seriously, please me at it. Thanks, - chris Chris Jacobs, Systems Administrator Apollo Group | Apollo Marketing | Aptimus 2001 6th Ave Ste 3200 | Seattle, WA 98121 phone: 206.441.9100 x1245 | mobile: 206.601.3256 | fax: 206.441.9661 email: chris.jac...@apollogrp.edu - Original Message - From: openldap-technical-bounces+chris.jacobs=apollogrp@openldap.orgopenldap-technical-bounces+chris.jacobs=apollogrp@openldap.org To: guy.baconni...@swisscom.comguy.baconni...@swisscom.com; openldap-technical@openldap.orgopenldap-technical@openldap.org Sent: Sun Jun 13 20:20:07 2010 Subject: Re: Best way to merge two local DITs vs empty search base suffix --On Sunday, June 13, 2010 12:17 PM +0200 guy.baconni...@swisscom.com wrote: Hello, We want to update our old OpenLDAP server from 2.1.x to 2.4.x but the current configuration do not use a regular suffix (o=foo,c=bar nor dc=foo,dc=bar) but use an empty suffix (). We want to move away from empty suffix as we cannot use cn=monitor or any additional suffixes as they can not bind when a suffix is in use in a hdb database : You can do this just fine. I do it in all my installs. You simply need to declare them in the right order. I.e., you must declare monitor, etc before the empty suffix. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
Re: Best way to merge two local DITs vs empty search base suffix
--On Sunday, June 13, 2010 12:17 PM +0200 guy.baconni...@swisscom.com wrote: Hello, We want to update our old OpenLDAP server from 2.1.x to 2.4.x but the current configuration do not use a regular suffix (o=foo,c=bar nor dc=foo,dc=bar) but use an empty suffix (). We want to move away from empty suffix as we cannot use cn=monitor or any additional suffixes as they can not bind when a suffix is in use in a hdb database : You can do this just fine. I do it in all my installs. You simply need to declare them in the right order. I.e., you must declare monitor, etc before the empty suffix. --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc Zimbra :: the leader in open source messaging and collaboration
