OpenLDAP Configure Multiple DITs

Each DIT is described by a database section in the slapd.conf file, so defining multiple database sections defines multiple DITs. Each DIT is discrete and has its own naming context (or name space). Assume we want to create the following structure in a single LDAP server:

[Figure: Multiple DITs]

slapd.conf

#
###### MULTIPLE DITs ############
#
# NOTES: inetorgperson picks up attributes and objectclasses
#        from all three schemas
include		/usr/local/etc/openldap/schema/core.schema
include		/usr/local/etc/openldap/schema/cosine.schema
include		/usr/local/etc/openldap/schema/inetorgperson.schema


# NO SECURITY - no access clause
# defaults to anonymous access for read
# only rootdn can write

# NO REFERRALS

# DON'T bother with ARGS file unless you feel strongly
# slapd stop scripts need this (the pidfile) to work
pidfile /var/run/slapd.pid

# enable a lot of logging - we might need it
# but generates huge logs
loglevel 	-1 

# NO dynamic backend modules

# NO TLS-enabled connections

# backend definition not required

#######################################################################
# FIRST bdb database definitions
# for EXAMPLE.COM
# replace example and com below with a suitable domain
# 
# If you don't have a domain you can leave it since example.com
# is reserved for experimentation or change them to my and inc
#
#######################################################################

database bdb
suffix "dc=example, dc=com"

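# root or superuser
# NOTE: cleartext password, for illustration only; rootpw also accepts a
# hashed value (e.g. {SSHA}...) as generated by slappasswd
rootdn "cn=jimbob, dc=example, dc=com"
rootpw dirtysecret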
# The database directory MUST exist prior to running slapd AND 
# change path as necessary
directory	/var/db/openldap/example-com

# Indices to maintain for this directory
# unique id so equality match only
index	uid	eq
# allows general searching on commonname, givenname and email
index	cn,gn,mail eq,sub
# allows multiple variants on surname searching
index sn eq,sub,subinitial,subany,subfinal
# optimise department searches
index ou eq
# shows use of default index parameter
index default eq,sub
# indices missing - uses default eq,sub
index telephonenumber

# other database parameters
# read more in slapd.conf reference section
cachesize 10000
checkpoint 128 15
dbnosync
dirtyread
searchstack 5

#######################################################################
# SECOND bdb database definitions
# for EXAMPLE.NET
# replace example and net below with a suitable domain
# 
# If you don't have a domain you can leave it since example.net
# is reserved for experimentation or change them to my and inc
#
#######################################################################

database bdb
suffix "dc=example, dc=net"

# root or superuser
rootdn "cn=jimbob, dc=example, dc=net"
rootpw dirtysecret
# The database directory MUST exist prior to running slapd AND 
# change path as necessary - separate directory from
# FIRST section
directory	/var/db/openldap/example-net

# Indices to maintain for this directory
# unique id so equality match only
index	uid	eq
# optimise department searches
index ou eq
# shows use of default index parameter
index default eq,sub
# indices missing - uses default eq,sub
index telephonenumber

# other database parameters
# read more in slapd.conf reference section
cachesize 10000
checkpoint 128 15
dbnosync
dirtyread
searchstack 5
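
A quick way to check a multi-DIT slapd.conf like the one above before restarting slapd, as an added example that is not part of the original guide: it splits the file into its database sections and flags a suffix or directory shared between sections, a rootpw whose rootdn lies outside the section's suffix, a cleartext rootpw, and a section with no access clause. The function names and the sample text (constructed, abridged from the configuration above) are assumptions.

```python
import re

# Constructed sample: the two database sections from the page, abridged.
SAMPLE = """\
database bdb
suffix "dc=example, dc=com"
rootdn "cn=jimbob, dc=example, dc=com"
rootpw dirtysecret
directory /var/db/openldap/example-com

database bdb
suffix "dc=example, dc=net"
rootdn "cn=jimbob, dc=example, dc=net"
rootpw dirtysecret
directory /var/db/openldap/example-net
"""

def norm_dn(dn):  # lower-case a DN and drop the optional spaces around commas
    return re.sub(r"\s*,\s*", ",", dn.strip().strip('"').lower())

def parse(text):
    """Return directive dicts: [0] is the global section, then one per database."""
    sections = [{}]
    for raw in text.splitlines():
        if not raw.strip() or raw[0] in "# \t":   # blank, comment, continuation
            continue
        parts = raw.split(None, 1)
        if parts[0].lower() == "database":
            sections.append({})
        sections[-1][parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return sections

def audit(text):
    """Return (database number, finding) pairs for the checks listed above."""
    glob, *dbs = parse(text)
    findings, seen = [], {}
    for n, db in enumerate(dbs, 1):
        suffix = norm_dn(db.get("suffix", ""))
        for field, val in (("suffix", suffix), ("directory", db.get("directory", ""))):
            first = seen.setdefault((field, val), n)
            if val and first != n:
                findings.append((n, f"{field} shared with database {first}"))
        rootdn, pw = norm_dn(db.get("rootdn", "")), db.get("rootpw")
        if pw and not (rootdn == suffix or rootdn.endswith("," + suffix)):
            findings.append((n, "rootpw set but rootdn outside suffix"))
        if pw and not pw.startswith("{"):      # no {SSHA}-style scheme prefix
            findings.append((n, "cleartext rootpw"))
        if "access" not in glob and "access" not in db:
            findings.append((n, "no access clause"))
    return findings
```

For the configuration on this page, audit() reports a cleartext rootpw and a missing access clause for both databases, matching the "NO SECURITY" notes in the file's own comments.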

Stop and restart the LDAP server so that it picks up the new file, then load an LDIF such as those shown below using ldapadd.

LDIF

This LDIF assumes that EXAMPLE.COM already exists - we are simply adding EXAMPLE.NET.

# add example.net to an existing LDAP server
version: 1

dn: dc=example,dc=net
dc: example
description: Example Network Operations
objectClass: dcObject
objectClass: organization
o: Example, Inc.

dn: ou=people, dc=example,dc=net
ou: people
description: All people in organisation
objectClass: organizationalUnit

This LDIF assumes that we are adding both EXAMPLE.COM and EXAMPLE.NET.

# add both example.com and example.net

# FIRST add example.com
version: 1

dn: dc=example,dc=com
dc: example
description: Example Company
objectClass: dcObject
objectClass: organization
o: Example, Inc.

dn: ou=people, dc=example,dc=com
ou: people
description: All people in organisation
objectClass: organizationalUnit

# SECOND add example.net
# (no second version: line - LDIF allows it only once, at the start of the file)

dn: dc=example,dc=net
dc: example
description: Example Network Operations
objectClass: dcObject
objectClass: organization
o: Example, Inc.

dn: ou=people, dc=example,dc=net
ou: people
description: All people in organisation
objectClass: organizationalUnit

Copyright © 1994 - 2010 ZyTrax, Inc.
Page modified: January 30 2008.
This work is licensed under a Creative Commons License.