Difference between /etc/ldap.conf vs. /etc/ldap/ldap.conf
Dear All,
Can anyone tell me what the difference is between these two LDAP client files, /etc/ldap.conf and /etc/ldap/ldap.conf, and what purposes these two files serve? Is it necessary to have both files at the same time?
I use these files to install the LDAP client to authenticate with our LDAP server by creating a symbolic link of /etc/ldap.conf to /etc/ldap/ldap.conf.
Many thanks in advance, and looking forward to your replies.
/etc/ldap.conf is used for authentication and is required to be configured when you add ldap to /etc/nsswitch.conf.
/etc/openldap/ldap.conf is used by the client tools like ldapsearch.
These are certainly not the same!!! So symbolic links from one to the other are out of the question!
Thanks for the reply. So what should I do? Should I not make the symbolic link for the LDAP client configuration? I think this is a mandatory step to configure the LDAP client. By the way, I am using Ubuntu 10.04.
One more thing about the Ubuntu 10.04 LDAP server configuration: is there a need to generate a new *.pem certificate or key, or can we use the old certificate of the previous LDAP server? I hope you understand what I want to say. Basically, we have an old version of the LDAP server running on Ubuntu 6.06.2 LTS and now we want to move to a new LDAP server on Ubuntu 10.04 LTS. So could you help us in migrating from the older version to the new one? We are also having issues exporting the old database to the new LDAP server.
No, you should not make a symbolic link. I don't know what tool you can use for this in Ubuntu, but on Fedora I always use authconfig on the command line. You might need to adjust the certificates afterwards. You also might want to change the bind_policy to soft. This might save you from nasty startup problems when you are using LDAP for authenticating at login.
You will probably need to generate new certificates, unless you have kept the server name on the new server the same as the one used when creating the certificate. I haven't tested this, so I can't be absolutely sure. Fortunately it is not very difficult to create new certificates, nor is it difficult to test the old certificates.
Regarding the migration, you will probably need to create an LDIF file on your old server and load it into the new server. You have to make sure that the root dn is the same on both servers. Unfortunately, I don't really know which schemas, configurations and applications are using the LDAP server, so that makes it a bit difficult to tell what problems you might run into. The applications especially can make it difficult to migrate the database, as they can have identifiers generated by the application and therefore might not work anymore with the old database after the migration to the new server. So once again, testing is the keyword here... If you post specific problems, we might be able to help you with this.
and what I did is I created an LDIF file of the database from the old server and copied its contents into the init_database.ldif file. If you open the above-mentioned link, there will be a file created named init_database.ldif in /var/lib/ldap. I hope this will help you in understanding the problem in a better way.
Is the dn that you are using in init_database.ldif the same as the olcSuffix in your create_database.ldif? If these are the same, then please let me know what the error message is that you get.
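The suffix check asked about in the last reply can be automated before loading the export; the following is an added example, not code posted by anyone in the thread. The file names come from the thread, the LDIF contents are constructed samples, and the DN normalization is a simplification that assumes no escaped commas.

```python
import base64

# Constructed sample input (not from the thread): database definition and data export.
CREATE_DATABASE_LDIF = """\
dn: olcDatabase={1}hdb,cn=config
objectClass: olcHdbConfig
olcSuffix: dc=example,dc=com
olcRootDN: cn=admin,dc=example,dc=com
"""
INIT_DATABASE_LDIF = """\
dn: dc=example,dc=com
objectClass: organization
o: Example

dn: uid=alice,ou=people,
 dc=example,dc=com
uid: alice

dn: uid=bob,ou=people,dc=old,dc=example,dc=org
uid: bob
"""

def ldif_values(text, attr):
    """Return every value of attr, handling folded lines and base64 ('attr::') values."""
    values = []
    # RFC 2849 folding: a line starting with one space continues the previous line.
    for line in text.replace("\n ", "").splitlines():
        name, sep, rest = line.partition(":")
        if not sep or name.strip().lower() != attr.lower():
            continue
        if rest.startswith(":"):  # 'attr:: <base64>'
            values.append(base64.b64decode(rest[1:].strip()).decode("utf-8"))
        else:
            values.append(rest.strip())
    return values

def normalize(dn):
    """Lower-case a DN and drop spaces around commas (assumes no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def entries_outside_suffix(config_ldif, data_ldif):
    """List entry DNs in the export that do not fall under any configured olcSuffix."""
    suffixes = [normalize(s) for s in ldif_values(config_ldif, "olcSuffix")]
    return [dn for dn in ldif_values(data_ldif, "dn")
            if not any(normalize(dn) == s or normalize(dn).endswith("," + s) for s in suffixes)]

if __name__ == "__main__":
    for dn in entries_outside_suffix(CREATE_DATABASE_LDIF, INIT_DATABASE_LDIF):
        print("not under olcSuffix:", dn)
```

Any DN it reports lies outside the suffix the new database is configured to hold, so that entry's DN and the configured olcSuffix need to be reconciled before the import.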