Francisco José Pérez González wrote:
Hi, i have some problems with suffixs, im new to LDAP so maybe im
misunderstanding concepts, Ok here it goes...
Im working with centos-ds. Im asking here beacause the solutions probably can
be apllied in 389-like software such as centos. well, i have the server up and
running with some entries, but im interested on enabling diferent databases
for some objects. The idea is to have an especific configuration for each
object, because it represents diferents systems that probably will have
diferents resource needs and access controls.
You don't need sub-suffixes for that. You usually only need a
sub-suffix if the underlying data needs to be distributed somehow like
for a separate replication agreement, or a chaining database.
So, under the root suffix on configuration tab of 389-console(yes im
using 389-
console on centos-ds) i right click it and add a new sub-suffix. For instance i
name it "ou=systems" and also the database with the same name is created and
enabled.
The thing is that when im browsing the directory, there isn't a ou=system on
the main tree, instead is shown only on the main(right) section of the gui. Im
going to add an entry and i have an permission error. That's odd becausa im
"admin/Directory Manager" user.
When you setup your directory server using the setup-ds-admin.pl script,
it creates the console admin user and adds some ACIs to the suffix you
specified. If you create another suffix, those ACIs do not apply - you
can copy them if you want to. One of the limitations of the ACI system
is that you cannot set an ACI for the creation of a top level entry for
a suffix - you must the directory manager to do that. However, if you
are trying to create the entry for a sub-suffix you created in the
console, and the parent suffix was created by setup-ds-admin.pl, you
should be able to create the entry using the console admin user.
Can anybode help me? maybe im wrong trying to apply a sub-suffix to
solve a
custom database configuration per some objects.
Regards
Francisco.
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users