[389-users] suffix and sub-suffix usage
Rich Megginson
rmeggins at redhat.com
Mon May 10 22:09:46 UTC 2010
Francisco José Pérez González wrote:
> Hi, i have some problems with suffixs, im new to LDAP so maybe im
> misunderstanding concepts, Ok here it goes...
>
> Im working with centos-ds. Im asking here beacause the solutions probably can
> be apllied in 389-like software such as centos. well, i have the server up and
> running with some entries, but im interested on enabling diferent databases
> for some objects. The idea is to have an especific configuration for each
> object, because it represents diferents systems that probably will have
> diferents resource needs and access controls.
>
You don't need sub-suffixes for that. You usually only need a
sub-suffix if the underlying data needs to be distributed somehow like
for a separate replication agreement, or a chaining database.
> So, under the root suffix on configuration tab of 389-console(yes im using 389-
> console on centos-ds) i right click it and add a new sub-suffix. For instance i
> name it "ou=systems" and also the database with the same name is created and
> enabled.
>
> The thing is that when im browsing the directory, there isn't a ou=system on
> the main tree, instead is shown only on the main(right) section of the gui. Im
> going to add an entry and i have an permission error. That's odd becausa im
> "admin/Directory Manager" user.
>
When you setup your directory server using the setup-ds-admin.pl script,
it creates the console admin user and adds some ACIs to the suffix you
specified. If you create another suffix, those ACIs do not apply - you
can copy them if you want to. One of the limitations of the ACI system
is that you cannot set an ACI for the creation of a top level entry for
a suffix - you must the directory manager to do that. However, if you
are trying to create the entry for a sub-suffix you created in the
console, and the parent suffix was created by setup-ds-admin.pl, you
should be able to create the entry using the console admin user.
> Can anybode help me? maybe im wrong trying to apply a sub-suffix to solve a
> custom database configuration per some objects.
>
> Regards
> Francisco.
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
More information about the 389-users
mailing list