Francisco José Pérez González wrote: > Hi, i have some problems with suffixs, im new to LDAP so maybe im > misunderstanding concepts, Ok here it goes... > > Im working with centos-ds. Im asking here beacause the solutions probably can > be apllied in 389-like software such as centos. well, i have the server up and > running with some entries, but im interested on enabling diferent databases > for some objects. The idea is to have an especific configuration for each > object, because it represents diferents systems that probably will have > diferents resource needs and access controls. > You don't need sub-suffixes for that. You usually only need a sub-suffix if the underlying data needs to be distributed somehow like for a separate replication agreement, or a chaining database. > So, under the root suffix on configuration tab of 389-console(yes im using 389- > console on centos-ds) i right click it and add a new sub-suffix. For instance i > name it "ou=systems" and also the database with the same name is created and > enabled. > > The thing is that when im browsing the directory, there isn't a ou=system on > the main tree, instead is shown only on the main(right) section of the gui. Im > going to add an entry and i have an permission error. That's odd becausa im > "admin/Directory Manager" user. > When you setup your directory server using the setup-ds-admin.pl script, it creates the console admin user and adds some ACIs to the suffix you specified. If you create another suffix, those ACIs do not apply - you can copy them if you want to. One of the limitations of the ACI system is that you cannot set an ACI for the creation of a top level entry for a suffix - you must the directory manager to do that. However, if you are trying to create the entry for a sub-suffix you created in the console, and the parent suffix was created by setup-ds-admin.pl, you should be able to create the entry using the console admin user. > Can anybode help me? maybe im wrong trying to apply a sub-suffix to solve a > custom database configuration per some objects. > > Regards > Francisco. > -- > 389 users mailing list > 389-users@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/389-users > -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
