Francisco Jos? P?rez Gonz?lez wrote: > On Lun 10 May 2010 18:09:46 Rich Megginson escribi?: > >> Francisco Jos? P?rez Gonz?lez wrote: >> >>> Hi, i have some problems with suffixs, im new to LDAP so maybe im >>> >>> misunderstanding concepts, Ok here it goes... >>> >>> Im working with centos-ds. Im asking here beacause the solutions >>> probably can >>> >>> be apllied in 389-like software such as centos. well, i have the server >>> up and running with some entries, but im interested on enabling diferent >>> databases for some objects. The idea is to have an especific >>> configuration for each object, because it represents diferents systems >>> that probably will have diferents resource needs and access controls. >>> >> You don't need sub-suffixes for that. You usually only need a >> sub-suffix if the underlying data needs to be distributed somehow like >> for a separate replication agreement, or a chaining database. >> > Very well, i had the feeling that suffix was not the way to go. For now Im not > planning to distribute my directory in a replication, multi-master mode etc. I > want to stay with just one standalone directory server. > > What feature is needed to be enabled in order to achieve custom database > configurations?can this be implemented by setting up several logical databases > or it implies to do a distributed deployment? > I'm not sure what you mean - first, see http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Configuring_Directory_Databases.html >>> So, under the root suffix on configuration tab of 389-console(yes im >>> using 389- console on centos-ds) i right click it and add a new >>> sub-suffix. For instance i name it "ou=systems" and also the database >>> with the same name is created and enabled. >>> >>> The thing is that when im browsing the directory, there isn't a ou=system >>> on the main tree, instead is shown only on the main(right) section of >>> the gui. Im going to add an entry and i have an permission error. That's >>> odd becausa im "admin/Directory Manager" user. >>> >> When you setup your directory server using the setup-ds-admin.pl script, >> it creates the console admin user and adds some ACIs to the suffix you >> specified. If you create another suffix, those ACIs do not apply - you >> can copy them if you want to. One of the limitations of the ACI system >> is that you cannot set an ACI for the creation of a top level entry for >> a suffix - you must the directory manager to do that. However, if you >> are trying to create the entry for a sub-suffix you created in the >> console, and the parent suffix was created by setup-ds-admin.pl, you >> should be able to create the entry using the console admin user. >> >> >>> Can anybode help me? maybe im wrong trying to apply a sub-suffix to solve >>> a custom database configuration per some objects. >>> >>> Regards >>> Francisco. >>> -- >>> 389 users mailing list >>> 389-users at lists.fedoraproject.org >>> https://admin.fedoraproject.org/mailman/listinfo/389-users >>> >> -- >> 389 users mailing list >> 389-users at lists.fedoraproject.org >> https://admin.fedoraproject.org/mailman/listinfo/389-users >> > -- > 389 users mailing list > 389-users at lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users >
