openLDAP in karmic

Mathias Gug mathiaz at ubuntu.com
Tue Aug 18 23:43:26 UTC 2009 

Hi Javier,

On Tue, Aug 18, 2009 at 10:02 AM, Javier Urúen Val<juruen at warp.es> wrote:
> If  I understand correctly, only  a minimal cn=config database is created.

Right. The cn=config database is accessible for the local root user
without prompting for a password using the following options: -Y
EXTERNAL -H ldapi:///

> I'm wondering what plans you guys have in regards of this. Is this
> just work in progress and you are going to provide
> some scripts to initialise the database, or the user will have to do
> it manually?
>

The plan is that the slapd package will just install the base
cn=config database. Then any package will be able to create a database
from its maintainer scripts.

> IIRC from the last UDS, you would like to provide a nice kerberos
> installation by default. So maybe these are the initial steps.
>

Right. These are the first steps. Karmic won't have a complete
kerberos integration due to lack of administration tools.

> I'm asking this because in eBox [0] we would like to integrate our
> LDAP module as much as possible with the default openLDAP installation
> in karmic. With previous versions of slapd (<= 2.4.17-1ubuntu3), we
> asked the user the administration password, and having that we added
> an eBox user to both databases, in order to be able to automatically
> add schemas, acls, entries-..  by other eBox modules that use LDAP
> such as  ebox-samba, ebox-mail, ebox-asterisk and so on.
>

You won't need to do that anymore. I'd suggest that you add schemas
and acls when packages are installed from the postinst script using
the ldapadd/ldapmodify commands with the options mentioned above. You
should have access to the cn=config tree and can add any entry you
need from the maintainer scripts (they run as root).

One thing that has gone is the minimal DIT. You may have to provide
your own package that would create a default database and load a
default DIT. I may have some time to provide a package that would
actually provide the same default as the previous slapd package.

-- 
Mathias Gug
Ubuntu Developer  http://www.ubuntu.com

More information about the ubuntu-server mailing list