openldap configuration brought to apache directory studio
DESCRIPTION
TRANSCRIPT
OpenLDAP configuration brought to
Apache Directory Studio
1
<OpenLDAP configuration/> brought to
<Apache Directory Studio/>
2
Apache Software Foundation member
Chairman of MINA project
PMC of Apache Directory Project
[email protected] / [email protected]
Emmanuel Lécharny
Apache Directory Studio
4
OpenLDAP configuration
5
slapd.conf
Or
cn=config/
Slapd.conf
6
# See slapd.conf(5) for details on configuration options.include "/opt/symas/etc/openldap/schema/core.schema"
pidfile "/var/symas/run/slapd.pid"argsfile "/var/symas/run/slapd.args"
# Choose the directory for loadable modules.modulepath "/opt/symas/lib/openldap"
# Load dynamic backend modules:moduleload back_hdb.lamoduleload back_monitor.la
# Sample hdb database definitionsdatabase hdbsuffix "dc=example,dc=com"rootdn "dc=example,dc=com"rootpw secret
# Indices to maintainindex default eqindex objectClassindex cn
directory "/var/symas/openldap-data/example"cachesize 5000idlcachesize 5000checkpoint 512 60database monitor
cn=config
7
dn: cn=configolcWriteTimeout: 0olcTLSCRLCheck: noneolcConnMaxPendingAuth: 1000olcIndexIntLen: 4olcIdleTimeout: 0olcIndexHash64: FALSEolcAttributeOptions: lang-olcConfigDir: etc/openldap/slapd.dolcIndexSubstrAnyStep: 2olcPidFile: /var/symas/run/slapd.pid...
dn: cn=schemastructuralObjectClass: olcSchemaConfigcreateTimestamp: 20131117072024.982ZolcObjectIdentifier: OLcfg 1.3.6.1.4.1.4203.1.12.2olcObjectIdentifier: OLcfgAt OLcfg:3olcObjectIdentifier: OLcfgGlAt OLcfgAt:0olcObjectIdentifier: OLcfgBkAt OLcfgAt:1olcObjectIdentifier: OLcfgDbAt OLcfgAt:2olcObjectIdentifier: OLcfgOvAt OLcfgAt:3olcObjectIdentifier: OLcfgCtAt OLcfgAt:4olcObjectIdentifier: OLcfgOc OLcfg:4...
dn: olcDatabase={1}hdbolcDbShmKey: 0olcDbConfig: {0}#olcDbConfig: {1}# DB_CONFIG file for example databaseolcDbConfig: {2}#olcDbConfig: {3}# IMPORTANTolcDbConfig: {4}# Changes will automatically take effect after slapd is restarted....
Why cn=config ?
8
Configuration in LDAP
Can be replicated
Allows dynamic configuration
Protects against misconfigurations
But...
9
People keep using vi/Emacs
More complex than slapd.conf
You have to use ldapadd/ldapmodify/ldapdelete
But...
10
« It is of course possible for a careful, clueful admin to edit the files by hand without breaking
anything. »
« But let's face it, the majority of people out there, and particularly the people having
problems that drive them to post on this mailing list, are neither careful enough nor clueful
enough to qualify for these activities. »
Let's use Studio !
11
OpenLDAP configuration plugin
12
Don't have to lecture people who use text editors
Config for dummies (almost)
Many controls done by the plugin
« smart » editors
Backend configuration
13
HDB configuration
14
Replication configuration
15
Options configuration
16
What's next ?
17
Polish the editors
Make it work with slapd.conf
Add the missing elements
Manage versions
Release it !!!
Thanks!