[389-users] suffix and sub-suffix usage
Rich Megginson
rmeggins at redhat.com
Tue May 11 18:21:59 UTC 2010
Francisco José Pérez González wrote:
> On Lun 10 May 2010 18:09:46 Rich Megginson escribió:
>
>> Francisco José Pérez González wrote:
>>
>>> Hi, i have some problems with suffixs, im new to LDAP so maybe im
>>>
>>> misunderstanding concepts, Ok here it goes...
>>>
>>> Im working with centos-ds. Im asking here beacause the solutions
>>> probably can
>>>
>>> be apllied in 389-like software such as centos. well, i have the server
>>> up and running with some entries, but im interested on enabling diferent
>>> databases for some objects. The idea is to have an especific
>>> configuration for each object, because it represents diferents systems
>>> that probably will have diferents resource needs and access controls.
>>>
>> You don't need sub-suffixes for that. You usually only need a
>> sub-suffix if the underlying data needs to be distributed somehow like
>> for a separate replication agreement, or a chaining database.
>>
> Very well, i had the feeling that suffix was not the way to go. For now Im not
> planning to distribute my directory in a replication, multi-master mode etc. I
> want to stay with just one standalone directory server.
>
> What feature is needed to be enabled in order to achieve custom database
> configurations?can this be implemented by setting up several logical databases
> or it implies to do a distributed deployment?
>
I'm not sure what you mean - first, see
http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Configuring_Directory_Databases.html
>>> So, under the root suffix on configuration tab of 389-console(yes im
>>> using 389- console on centos-ds) i right click it and add a new
>>> sub-suffix. For instance i name it "ou=systems" and also the database
>>> with the same name is created and enabled.
>>>
>>> The thing is that when im browsing the directory, there isn't a ou=system
>>> on the main tree, instead is shown only on the main(right) section of
>>> the gui. Im going to add an entry and i have an permission error. That's
>>> odd becausa im "admin/Directory Manager" user.
>>>
>> When you setup your directory server using the setup-ds-admin.pl script,
>> it creates the console admin user and adds some ACIs to the suffix you
>> specified. If you create another suffix, those ACIs do not apply - you
>> can copy them if you want to. One of the limitations of the ACI system
>> is that you cannot set an ACI for the creation of a top level entry for
>> a suffix - you must the directory manager to do that. However, if you
>> are trying to create the entry for a sub-suffix you created in the
>> console, and the parent suffix was created by setup-ds-admin.pl, you
>> should be able to create the entry using the console admin user.
>>
>>
>>> Can anybode help me? maybe im wrong trying to apply a sub-suffix to solve
>>> a custom database configuration per some objects.
>>>
>>> Regards
>>> Francisco.
>>> --
>>> 389 users mailing list
>>> 389-users at lists.fedoraproject.org
>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>>
>> --
>> 389 users mailing list
>> 389-users at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
More information about the 389-users
mailing list