LinuxQuestions.org

Linux - Server forum thread: Difference between /etc/ldap.conf vs. /etc/ldap/ldap.conf (https://www.linuxquestions.org/questions/linux-server-73/difference-between-etc-ldap-conf-vs-etc-ldap-ldap-conf-819552/)

fahadaziz 07-13-2010 05:19 AM

Difference between /etc/ldap.conf vs. /etc/ldap/ldap.conf
 
Dear All,

Can anyone tell me what the difference is between these two LDAP client files, /etc/ldap.conf and /etc/ldap/ldap.conf, and what purposes they serve? Is it necessary to have both files at the same time?

I use these files when installing the LDAP client to authenticate against our LDAP server, linking /etc/ldap.conf to /etc/ldap/ldap.conf with a symbolic link.

Many thanks in advance; I am looking forward to a quick reply.

Thanks and Regards,

Fahad Bin Aziz.

druuna 07-13-2010 05:34 AM

Hi,

Both locations can be used, although /etc/openldap/ldap.conf seems to be preferred (man page).

Section 2.1: ldap.conf

Quote from the man page:

    Files
    /etc/openldap/ldap.conf
        system-wide ldap configuration file

Hope this helps.

Blue_Ice 07-13-2010 05:43 AM

/etc/ldap.conf is used for authentication and must be configured when you add ldap to /etc/nsswitch.conf.
/etc/openldap/ldap.conf is used by the client tools like ldapsearch.

These are certainly not the same!!! So a symbolic link from one to the other is out of the question!

druuna 07-13-2010 05:54 AM

Hi,

@Blue_Ice:

Quote:
    These are certainly not the same!!!

That must be implementation specific....

From the link I posted:

Quote:
    /etc/openldap/ldap.conf (or /etc/ldap/ldap.conf) contains information about which server holds the LDAP information.

I've removed /etc/ldap.conf and everything keeps running (even after a restart....).

But you made a good point! fahadaziz needs to be aware of this!

fahadaziz 07-13-2010 06:07 AM

@ Blue Ice,

Thanks for the reply. So what should I do? Should I not make the symbolic link for the LDAP client configuration? I think this is a mandatory step to configure the LDAP client. By the way, I am using Ubuntu 10.04.

One more thing about the Ubuntu 10.04 LDAP server configuration: is there a need to generate a new *.pem certificate or key, or can we use the old certificate from the previous LDAP server? I hope you understand what I want to say. Basically, we have an old version of the LDAP server running on Ubuntu 6.06.2 LTS and now we want to move to a new LDAP server on Ubuntu 10.04 LTS. So if you can help us migrate from the older version to the new one, that would be great. We are also having issues exporting the old database to the new LDAP server.

Many thanks in advance.

Thanks and regards,

Fahad Bin Aziz.

Blue_Ice 07-13-2010 07:58 AM

No, you should not make a symbolic link. I don't know what tool you can use for this on Ubuntu, but on Fedora I always use authconfig on the command line. You might need to adjust the certificates afterwards. You also might want to change the bind_policy to soft; this might prevent nasty start-up problems when you are using LDAP for authentication at login.

You probably will need to generate new certificates, unless you have kept the server name the same on the new server as was used when creating the certificate. I haven't tested this, so I can't be absolutely sure. Fortunately it is not very difficult to create new certificates, nor is it difficult to test the old certificates.

Regarding the migration, you probably will need to create an LDIF file on your old server and load it again into the new server. You have to make sure that the root DN is the same on both servers. Unfortunately, I don't really know which schemas, configurations and applications are using the LDAP server, so that makes it a bit difficult to tell what problems you might run into. Especially the applications can make it difficult to migrate the database, as they can have identifiers generated by the application and therefore might not work anymore with the old database after the migration to the new server. So once again, testing is the keyword here... If you post specific problems, we might be able to help you with this.
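
An added example (not code from any poster in this thread) that turns the advice above into a check script: it confirms /etc/ldap.conf and /etc/ldap/ldap.conf are separate files rather than one symlinked file, that bind_policy is soft, and that neither file turns off TLS server verification. The Debian/Ubuntu paths are assumed (Fedora uses /etc/openldap/ldap.conf); the sample config files it writes are constructed for the demonstration and do not come from the thread.

```sh
#!/bin/sh
# Sanity checks for the two LDAP client files discussed in this thread.
# Added example, not from the thread. Assumes the Debian/Ubuntu layout:
# /etc/ldap.conf for libnss-ldap/libpam-ldap, /etc/ldap/ldap.conf for libldap.

# Print the value of a keyword from a "keyword value" config file, skipping
# "#" comments; libldap keywords are case-insensitive. Prints nothing if unset.
conf_value() {
    awk -v k="$2" '$1 !~ /^#/ && tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# 0 if both files exist and are different files; a symlink or hard link
# between them makes "-ef" true and the check fails.
ldap_confs_distinct() {
    nss=${1:-/etc/ldap.conf}; lib=${2:-/etc/ldap/ldap.conf}
    [ -f "$nss" ] && [ -f "$lib" ] && ! [ "$nss" -ef "$lib" ]
}

# 0 if /etc/ldap.conf sets bind_policy soft, so lookups fail fast when the
# directory is unreachable instead of stalling boot and login.
bind_policy_is_soft() {
    [ "$(conf_value "${1:-/etc/ldap.conf}" bind_policy)" = "soft" ]
}

# 0 if /etc/ldap.conf explicitly enables TLS (ssl on | start_tls) and peer
# verification (tls_checkpeer yes); 1 if either is missing or off.
nss_ldap_tls_enforced() {
    f=${1:-/etc/ldap.conf}
    ssl=$(conf_value "$f" ssl)
    { [ "$ssl" = "on" ] || [ "$ssl" = "start_tls" ]; } &&
        [ "$(conf_value "$f" tls_checkpeer)" = "yes" ]
}

# 0 if libldap still verifies the server certificate: TLS_REQCERT unset
# (default is demand), demand or hard. never/allow/try let ldapsearch and
# friends talk to an impostor server.
libldap_verifies_cert() {
    v=$(conf_value "${1:-/etc/ldap/ldap.conf}" TLS_REQCERT)
    [ -z "$v" ] || [ "$v" = "demand" ] || [ "$v" = "hard" ]
}

# Run every check against the two paths; returns 1 if any check warns.
report() {
    nss=$1; lib=$2; rc=0
    if ldap_confs_distinct "$nss" "$lib"; then echo "ok:   $nss and $lib are separate files"
    else echo "WARN: $nss and $lib are missing or the same file"; rc=1; fi
    if bind_policy_is_soft "$nss"; then echo "ok:   bind_policy soft"
    else echo "WARN: bind_policy is not soft in $nss"; rc=1; fi
    if nss_ldap_tls_enforced "$nss"; then echo "ok:   ssl + tls_checkpeer yes"
    else echo "WARN: TLS or peer verification not enforced in $nss"; rc=1; fi
    if libldap_verifies_cert "$lib"; then echo "ok:   TLS_REQCERT verifies the server"
    else echo "WARN: TLS_REQCERT disables verification in $lib"; rc=1; fi
    return $rc
}

# Constructed sample files so the example runs without touching /etc.
# $1/good mirrors a correct split; $1/bad mirrors the symlink from the
# original post, with bind_policy hard and TLS_REQCERT never in one file.
make_samples() {
    mkdir -p "$1/good/ldap" "$1/bad/ldap"
    cat > "$1/good/ldap.conf" <<'EOF'
# sample /etc/ldap.conf (libnss-ldap / libpam-ldap): lowercase keywords
uri ldaps://ldap.example.org/
base dc=example,dc=org
bind_policy soft
ssl on
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/ldap-ca.pem
EOF
    cat > "$1/good/ldap/ldap.conf" <<'EOF'
# sample /etc/ldap/ldap.conf (libldap): uppercase keywords, own TLS options
BASE dc=example,dc=org
URI ldaps://ldap.example.org/
TLS_CACERT /etc/ssl/certs/ldap-ca.pem
TLS_REQCERT demand
EOF
    cat > "$1/bad/ldap.conf" <<'EOF'
uri ldap://ldap.example.org/
base dc=example,dc=org
bind_policy hard
TLS_REQCERT never
EOF
    ln -s ../ldap.conf "$1/bad/ldap/ldap.conf"
}

main() {
    if [ $# -gt 0 ]; then report "$1" "${2:-/etc/ldap/ldap.conf}"; return $?; fi
    tmp=$(mktemp -d) || return 1
    make_samples "$tmp"
    echo "== good layout"; report "$tmp/good/ldap.conf" "$tmp/good/ldap/ldap.conf"
    echo "== symlinked layout"; report "$tmp/bad/ldap.conf" "$tmp/bad/ldap/ldap.conf" || true
    rm -rf "$tmp"
}
main "$@"
```

Run it with no arguments to see both sample layouts scored, or as `sh check-ldap-conf.sh /etc/ldap.conf /etc/ldap/ldap.conf` on a real client; a non-zero exit means at least one warning. The symlinked sample shows the hazard Blue_Ice describes: libldap then reads the nss_ldap file, so a single stray `TLS_REQCERT never` switches off certificate checking for every ldapsearch on the box.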

Blue_Ice 07-13-2010 08:03 AM

Quote:

Originally Posted by druuna (Post 4031691)
    Hi,

    @Blue_Ice: That must be implementation specific....

    I've removed /etc/ldap.conf and everything keeps running (even after a restart....).

    But you made a good point! fahadaziz needs to be aware of this!

Believe me, it caused me a lot of stress until someone here pointed this out to me.

fahadaziz 07-14-2010 03:51 AM

@ Blue Ice,

I have used the following link to configure the ldap server on Ubuntu 10.04 LTS.

http://www.opinsys.fi/setting-up-ope...u-10-04-alpha2

What I did is create an LDIF file of the database from the old server and copy its contents into the init_database.ldif file. If you open the above-mentioned link, you will see a file named init_database.ldif created in /var/lib/ldap. I hope this will help you understand the problem better.

Many thanks in advance.

Thanks,
Fahad Aziz.

Blue_Ice 07-14-2010 05:12 AM

Is the dn that you are using in init_database.ldif the same as the olcSuffix in your create_database.ldif? If these are the same, then please let me know what the error message is that you get.
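
An added example (not from any poster in this thread) that answers the question above mechanically: it reads olcSuffix from the database definition and checks that the first entry of the data LDIF is exactly that suffix and that every other entry sits beneath it, which is what slapadd/ldapadd need since a child cannot be added before its parent. The file names create_database.ldif and init_database.ldif follow the poster's naming; the sample LDIF contents are constructed for the demonstration, and an "old_server.ldif" with a different base is included to show what a mismatched export from the old server looks like.

```sh
#!/bin/sh
# Check that entries in an initial-data LDIF fall under the olcSuffix of
# the database they are loaded into. Added example, not from the thread.

# Join LDIF continuation lines (a line starting with one space continues
# the previous line) so each attribute is on a single line.
ldif_unfold() {
    awk '/^ / { printf "%s", substr($0, 2); next }
         NR > 1 { printf "\n" } { printf "%s", $0 }
         END { if (NR > 0) printf "\n" }' "$1"
}

# Lowercase and strip blanks around commas so "DC=Example, DC=Org" and
# "dc=example,dc=org" compare equal. Simplification: real DN matching is
# per attribute syntax, but this is enough for dc/ou/cn trees.
normalize_dn() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/ *, */,/g; s/^ *//; s/ *$//'
}

# Print the olcSuffix of the first database entry in a cn=config LDIF.
ldif_suffix() {
    ldif_unfold "$1" | awk 'tolower(substr($0, 1, 11)) == "olcsuffix: " { print substr($0, 12); exit }'
}

# Print every "dn:" value in load order. Base64 DNs ("dn::") are not decoded.
ldif_dns() {
    ldif_unfold "$1" | awk 'tolower(substr($0, 1, 4)) == "dn: " { print substr($0, 5) }'
}

# 0 if the first entry of $2 is exactly the suffix from $1 and every later
# entry lies beneath it; 1 on any mismatch or empty file; 2 if no suffix.
check_ldif_suffix() {
    suffix=$(normalize_dn "$(ldif_suffix "$1")")
    [ -n "$suffix" ] || { echo "no olcSuffix in $1"; return 2; }
    rc=0; n=0
    while IFS= read -r dn; do
        [ -n "$dn" ] || continue
        n=$((n + 1)); ndn=$(normalize_dn "$dn")
        if [ "$n" -eq 1 ] && [ "$ndn" != "$suffix" ]; then
            echo "WARN: first entry '$dn' is not the suffix '$suffix'"; rc=1
        fi
        case "$ndn" in
            "$suffix"|*",$suffix") ;;
            *) echo "WARN: '$dn' is outside suffix '$suffix'"; rc=1 ;;
        esac
    done <<EOF
$(ldif_dns "$2")
EOF
    [ "$n" -gt 0 ] || { echo "no entries in $2"; rc=1; }
    return $rc
}

# Constructed sample LDIFs in the cn=config style of the Ubuntu 10.04 how-to.
make_samples() {
    cat > "$1/create_database.ldif" <<'EOF'
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: hdb
olcSuffix: dc=example,dc=org
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=example,dc=org
EOF
    cat > "$1/init_database.ldif" <<'EOF'
dn: dc=example,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example Org
dc: example

dn: ou=People,
 dc=example,dc=org
objectClass: organizationalUnit
ou: People
EOF
    # an export whose base differs from the new server's suffix
    cat > "$1/old_server.ldif" <<'EOF'
dn: dc=oldcorp,dc=local
objectClass: top
objectClass: dcObject
objectClass: organization
o: Old Corp
dc: oldcorp
EOF
}

main() {
    if [ $# -eq 2 ]; then check_ldif_suffix "$1" "$2"; return $?; fi
    tmp=$(mktemp -d) || return 1
    make_samples "$tmp"
    echo "== init_database.ldif"
    check_ldif_suffix "$tmp/create_database.ldif" "$tmp/init_database.ldif" && echo "ok"
    echo "== old_server.ldif"
    check_ldif_suffix "$tmp/create_database.ldif" "$tmp/old_server.ldif" || echo "re-export under the new suffix or change olcSuffix"
    rm -rf "$tmp"
}
main "$@"
```

With no arguments it runs on the constructed samples; with `sh check-suffix.sh create_database.ldif init_database.ldif` it checks real files before you run ldapadd, so a "no such object" error caused by a wrong base is caught before the database is half-loaded.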

