[389-users] suffix and sub-suffix usage

Francisco José Pérez González fperez.x at gmail.com
Tue May 11 16:07:42 UTC 2010 

On Lun 10 May 2010 18:09:46 Rich Megginson escribió:
> Francisco José Pérez González wrote:
> >  Hi, i have some problems with suffixs, im new to LDAP so maybe im
> > 
> > misunderstanding concepts, Ok here it goes...
> > 
> >  Im working with centos-ds. Im asking here beacause the solutions
> >  probably can
> > 
> > be apllied in 389-like software such as centos. well, i have the server
> > up and running with some entries, but im interested on enabling diferent
> > databases for some objects. The idea is to have an especific
> > configuration for each object, because it represents diferents systems
> > that probably will have diferents resource needs and access controls.
> 
> You don't need sub-suffixes for that.  You usually only need a
> sub-suffix if the underlying data needs to be distributed somehow like
> for a separate replication agreement, or a chaining database.
Very well, i had the feeling that suffix was not the way to go. For now Im not 
planning to distribute my directory in a replication, multi-master mode etc. I 
want to stay with just one standalone directory server. 

What feature is needed to be enabled in order to achieve custom database 
configurations?can this be implemented by setting up several logical databases 
or it implies to do a distributed deployment?
> 
> > So, under the root suffix on configuration tab of 389-console(yes im
> > using 389- console on centos-ds) i right click it and add a new
> > sub-suffix. For instance i name it "ou=systems" and also the database
> > with the same name is created and enabled.
> > 
> > The thing is that when im browsing the directory, there isn't a ou=system
> > on the main tree, instead is shown only on the main(right) section of
> > the gui. Im going to add an entry and i have an permission error. That's
> > odd becausa im "admin/Directory Manager" user.
> 
> When you setup your directory server using the setup-ds-admin.pl script,
> it creates the console admin user and adds some ACIs to the suffix you
> specified.  If you create another suffix, those ACIs do not apply - you
> can copy them if you want to.  One of the limitations of the ACI system
> is that you cannot set an ACI for the creation of a top level entry for
> a suffix - you must the directory manager to do that.  However, if you
> are trying to create the entry for a sub-suffix you created in the
> console, and the parent suffix was created by setup-ds-admin.pl, you
> should be able to create the entry using the console admin user.
> 
> > Can anybode help me? maybe im wrong trying to apply a sub-suffix to solve
> > a custom database configuration per some objects.
> > 
> > Regards
> > Francisco.
> > --
> > 389 users mailing list
> > 389-users at lists.fedoraproject.org
> > https://admin.fedoraproject.org/mailman/listinfo/389-users
> 
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

More information about the 389-users mailing list