On Lun 10 May 2010 18:09:46 Rich Megginson escribió: > Francisco José Pérez González wrote: > > Hi, i have some problems with suffixs, im new to LDAP so maybe im > > > > misunderstanding concepts, Ok here it goes... > > > > Im working with centos-ds. Im asking here beacause the solutions > > probably can > > > > be apllied in 389-like software such as centos. well, i have the server > > up and running with some entries, but im interested on enabling diferent > > databases for some objects. The idea is to have an especific > > configuration for each object, because it represents diferents systems > > that probably will have diferents resource needs and access controls. > > You don't need sub-suffixes for that. You usually only need a > sub-suffix if the underlying data needs to be distributed somehow like > for a separate replication agreement, or a chaining database. Very well, i had the feeling that suffix was not the way to go. For now Im not planning to distribute my directory in a replication, multi-master mode etc. I want to stay with just one standalone directory server. What feature is needed to be enabled in order to achieve custom database configurations?can this be implemented by setting up several logical databases or it implies to do a distributed deployment? > > > So, under the root suffix on configuration tab of 389-console(yes im > > using 389- console on centos-ds) i right click it and add a new > > sub-suffix. For instance i name it "ou=systems" and also the database > > with the same name is created and enabled. > > > > The thing is that when im browsing the directory, there isn't a ou=system > > on the main tree, instead is shown only on the main(right) section of > > the gui. Im going to add an entry and i have an permission error. That's > > odd becausa im "admin/Directory Manager" user. > > When you setup your directory server using the setup-ds-admin.pl script, > it creates the console admin user and adds some ACIs to the suffix you > specified. If you create another suffix, those ACIs do not apply - you > can copy them if you want to. One of the limitations of the ACI system > is that you cannot set an ACI for the creation of a top level entry for > a suffix - you must the directory manager to do that. However, if you > are trying to create the entry for a sub-suffix you created in the > console, and the parent suffix was created by setup-ds-admin.pl, you > should be able to create the entry using the console admin user. > > > Can anybode help me? maybe im wrong trying to apply a sub-suffix to solve > > a custom database configuration per some objects. > > > > Regards > > Francisco. > > -- > > 389 users mailing list > > 389-users@xxxxxxxxxxxxxxxxxxxxxxx > > https://admin.fedoraproject.org/mailman/listinfo/389-users > > -- > 389 users mailing list > 389-users@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
