LinuxQuestions.org
Old 07-13-2010, 05:19 AM   #1
fahadaziz
LQ Newbie
 
Registered: Aug 2008
Posts: 27

Rep: Reputation: 15
Question Difference between /etc/ldap.conf vs. /etc/ldap/ldap.conf


Dear All,

Can anyone tell me what the difference is between these two LDAP client files, /etc/ldap.conf and /etc/ldap/ldap.conf, and what purposes these two files serve? Is it necessary to have both files at the same time?

I use these files to install LDAP client to authenticate with our LDAP server by creating a symbolic link of /etc/ldap.conf to /etc/ldap/ldap.conf.

Many thanks in advance, and looking forward to your replies soon.

Thanks and Regards,

Fahad Bin Aziz.
 
Old 07-13-2010, 05:34 AM   #2
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2373
Hi,

Both locations can be used, although /etc/openldap/ldap.conf seems to be preferred (man page).

Section 2.1: ldap.conf

Quote from man page:
Quote:
Files

/etc/openldap/ldap.conf
system-wide ldap configuration file
Hope this helps.
 
Old 07-13-2010, 05:43 AM   #3
Blue_Ice
Member
 
Registered: Jul 2006
Location: Belgium
Distribution: Debian, Fedora, CentOS, Windows
Posts: 352

Rep: Reputation: Disabled
/etc/ldap.conf is used for authentication and is required to be configured when you add ldap to /etc/nsswitch.conf.
/etc/openldap/ldap.conf is used by the client tools like ldapsearch.

These are certainly not the same!!! So symbolic links from one to the other are out of the question!
 
Old 07-13-2010, 05:54 AM   #4
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2373
Hi,

@Blue_Ice:
Quote:
These are certainly not the same!!!
That must be implementation specific....

From the link I posted:
Quote:
/etc/openldap/ldap.conf (or /etc/ldap/ldap.conf) contains information about which server holds the LDAP information.
I've removed the /etc/ldap.conf and all keeps running (even after a restart....).

But you made a good point! fahadaziz needs to be aware of this!
 
Old 07-13-2010, 06:07 AM   #5
fahadaziz
LQ Newbie
 
Registered: Aug 2008
Posts: 27

Original Poster
Rep: Reputation: 15
@ Blue Ice,

Thanks for the reply. So what should I do? Should I not make the symbolic link for the LDAP client configuration? I ask because I think this is the mandatory step to configure the LDAP client. By the way, I am using Ubuntu 10.04.

One more thing about the LDAP server configuration on Ubuntu 10.04: is there a need to generate a new *.pem certificate or key, or can we use the old certificate of the previous LDAP server? I hope you understand what I want to say. Basically, we have an old version of the LDAP server running on Ubuntu 6.06.2 LTS and now we want to shift to a new LDAP server on Ubuntu 10.04 LTS. So if you can, please help us migrate from the older version to the new one; we are also having issues exporting the old database to the new LDAP server.

Many thanks in advance.

Thanks and regards,

Fahad Bin Aziz.
 
Old 07-13-2010, 07:58 AM   #6
Blue_Ice
Member
 
Registered: Jul 2006
Location: Belgium
Distribution: Debian, Fedora, CentOS, Windows
Posts: 352

Rep: Reputation: Disabled
No, you should not make a symbolic link. I don't know what tool you can use for this in Ubuntu, but on Fedora I always use authconfig on the command line. You might need to adjust the certificates afterwards. You also might want to change the bind_policy to soft. This might prevent nasty start-up problems when you are using LDAP for authenticating on log in.

You will probably need to generate new certificates, unless you have kept the server name the same on the new server as was used when creating the certificate. I haven't tested this, so I can't be absolutely sure. Fortunately it is not very difficult to create new certificates, nor is it difficult to test the old certificates.

Regarding the migration, you will probably need to create an LDIF file on your old server and load it again into the new server. You have to make sure that the root dn is the same on both servers. Unfortunately, I don't really know which schemas, configurations and applications are using the LDAP server. So that makes it a bit difficult to tell what problems you might run into. Especially the applications can make it difficult to migrate the database, as they can have identifiers generated by the application and therefore might not work anymore with the old database after the migration to the new server. So once again, testing is the keyword here... If you post specific problems, we might be able to help you on this.
 
Old 07-13-2010, 08:03 AM   #7
Blue_Ice
Member
 
Registered: Jul 2006
Location: Belgium
Distribution: Debian, Fedora, CentOS, Windows
Posts: 352

Rep: Reputation: Disabled
Quote:
Originally Posted by druuna
Hi,

@Blue_Ice: That must be implementation specific....

I've removed the /etc/ldap.conf and all keeps running (even after a restart....).

But you made a good point! fahadaziz needs to be aware of this!
Believe me when I tell you that it caused me a lot of stress until someone here pointed this out.
 
Old 07-14-2010, 03:51 AM   #8
fahadaziz
LQ Newbie
 
Registered: Aug 2008
Posts: 27

Original Poster
Rep: Reputation: 15
@ Blue Ice,

I have used the following link to configure the LDAP server on Ubuntu 10.04 LTS.

http://www.opinsys.fi/setting-up-ope...u-10-04-alpha2

What I did was create an LDIF file of the database from the old server and copy its contents into the init_database.ldif file. If you open the above-mentioned link, there is a file named init_database.ldif created in /var/lib/ldap. I hope this helps you understand the problem better.

Many thanks in advance.

Thanks,
Fahad Aziz.
 
Old 07-14-2010, 05:12 AM   #9
Blue_Ice
Member
 
Registered: Jul 2006
Location: Belgium
Distribution: Debian, Fedora, CentOS, Windows
Posts: 352

Rep: Reputation: Disabled
Is the dn that you are using in init_database.ldif the same as the olcSuffix in your create_database.ldif? If these are the same, then please let me know what the error message is that you get.
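
Added example, not part of the thread and not any poster's code: one way to run the check asked about in post #9 before loading data, comparing every dn in the exported LDIF against the olcSuffix of the new database definition. The function names and the sample file contents (example.com, oldsite, jdoe) are constructed for illustration; only the olcSuffix attribute and the two file roles come from the thread.

```python
import base64
import re

def parse_ldif(text):
    """Parse LDIF into entries (lists of (attr, value)); handles folding and base64."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]            # continuation of a folded line
        else:
            lines.append(raw)
    entries, current = [], []
    for line in lines + [""]:               # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if not line.strip():                # blank line ends an entry
            if current:
                entries.append(current)
            current = []
            continue
        attr, _, rest = line.partition(":")
        value = rest.strip()
        if rest.startswith(":"):            # "attr:: value" is base64-encoded
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        current.append((attr.strip().lower(), value))
    return entries

def normalize_dn(dn):
    """Lowercased (type, value) RDN tuple; assumes case-insensitive, single-valued RDNs."""
    parts = re.split(r"(?<!\\),", dn)       # split on commas that are not escaped
    return tuple(tuple(p.strip().lower() for p in rdn.partition("=")[::2])
                 for rdn in parts)

def check_import(config_ldif, data_ldif):
    """Return (olcSuffix, DNs outside the suffix, whether the suffix entry exists)."""
    suffixes = [v for e in parse_ldif(config_ldif) for a, v in e if a == "olcsuffix"]
    if not suffixes:
        raise ValueError("no olcSuffix in database definition")
    suffix = normalize_dn(suffixes[0])
    dns = [v for e in parse_ldif(data_ldif) for a, v in e if a == "dn"]
    outside = [d for d in dns if normalize_dn(d)[-len(suffix):] != suffix]
    return suffixes[0], outside, any(normalize_dn(d) == suffix for d in dns)

# Constructed sample input (not the poster's files).
CREATE_DB = "dn: olcDatabase=hdb,cn=config\nolcSuffix: dc=example,dc=com\n"
STRAY = base64.b64encode(b"uid=jdoe,ou=People,dc=oldsite,dc=com").decode()
OLD_EXPORT = ("version: 1\n\ndn: dc=Example, dc=com\ndc: example\n\n"
              "dn: ou=People,dc=exam\n ple,dc=com\nou: People\n\n"
              "dn:: " + STRAY + "\nuid: jdoe\n")
```

Calling `check_import(CREATE_DB, OLD_EXPORT)` reports the one entry still under the old suffix, even though its dn is base64-encoded in the export; a non-empty second element or a `False` third element means the data file and the database definition do not agree.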
 
  

