1999-10-01 00:57:45 +08:00
|
|
|
# $OpenLDAP$
|
1999-04-24 07:41:45 +08:00
|
|
|
# Copyright 1999, The OpenLDAP Foundation, All Rights Reserved.
|
|
|
|
# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
|
1999-05-03 09:19:22 +08:00
|
|
|
|
1999-04-24 07:00:44 +08:00
|
|
|
H1: Database Creation and Maintenance Tools
|
|
|
|
|
|
|
|
This section tells you how to create a slapd database from
|
|
|
|
scratch, and how to do trouble shooting if you run into
|
|
|
|
problems. There are two ways to create a database. First,
|
|
|
|
you can create the database on-line using LDAP. With this
|
|
|
|
method, you simply start up slapd and add entries using the
|
|
|
|
LDAP client of your choice. This method is fine for relatively
|
|
|
|
small databases (a few hundred or thousand entries,
|
|
|
|
depending on your requirements).
|
|
|
|
|
|
|
|
The second method of database creation is to do it off-line,
|
|
|
|
using the index generation tools. This method is best if you
|
|
|
|
have many thousands of entries to create, which would take
|
|
|
|
an unacceptably long time using the LDAP method, or if you
|
|
|
|
want to ensure the database is not accessed while it is
|
|
|
|
being created.
|
|
|
|
|
|
|
|
|
|
|
|
H2: Creating a database over LDAP
|
|
|
|
|
|
|
|
With this method, you use the LDAP client of your choice
|
|
|
|
(e.g., the ldapadd(1) tool) to add entries, just like you would
|
|
|
|
once the database is created. You should be sure to set the
|
|
|
|
following configuration options before starting slapd:
|
|
|
|
|
|
|
|
E: suffix <dn>
|
|
|
|
|
|
|
|
As described in the preceding section, this option says what
|
|
|
|
entries are to be held by this database. You should set this
|
|
|
|
to the DN of the root of the subtree you are trying to create.
|
|
|
|
For example
|
|
|
|
|
1999-04-25 07:11:27 +08:00
|
|
|
E: suffix "dc=OpenLDAP, dc=org"
|
1999-04-24 07:00:44 +08:00
|
|
|
|
|
|
|
You should be sure to specify a directory where the index
|
|
|
|
files should be created:
|
|
|
|
|
|
|
|
E: directory <directory>
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
E: directory /usr/local/openldap/slapd
|
|
|
|
|
|
|
|
You need to make it so you can connect to slapd as
|
|
|
|
somebody with permission to add entries. This is done
|
|
|
|
through the following two options in the database definition:
|
|
|
|
|
|
|
|
E: rootdn <dn>
|
|
|
|
E: rootpw <passwd>
|
|
|
|
|
|
|
|
These options specify a DN and password that can be used
|
|
|
|
to authenticate as the "superuser" entry of the database (i.e.,
|
|
|
|
the entry allowed to do anything). The DN and password
|
|
|
|
specified here will always work, regardless of whether the
|
|
|
|
entry named actually exists or has the password given. This
|
|
|
|
solves the chicken-and-egg problem of how to authenticate
|
|
|
|
and add entries before any entries yet exist.
|
|
|
|
|
|
|
|
Finally, you should make sure that the database definition
|
|
|
|
contains the index definitions you want:
|
|
|
|
|
|
|
|
E: index {<attrlist> | default} [pres,eq,approx,sub,none]
|
|
|
|
|
|
|
|
For example, to index the cn, sn, uid and objectclass
|
|
|
|
attributes the following index configuration lines could be
|
|
|
|
used.
|
|
|
|
|
|
|
|
E: index cn,sn,uid
|
|
|
|
E: index objectclass pres,eq
|
|
|
|
E: index default none
|
|
|
|
|
|
|
|
See Section 4 on the configuration file for more details on
|
|
|
|
this option. Once you have configured things to your liking,
|
|
|
|
start up slapd, connect with your LDAP client, and start
|
1999-04-25 07:11:27 +08:00
|
|
|
adding entries. For example, to add a the organizational entry
|
1999-04-24 07:00:44 +08:00
|
|
|
followed by a Postmaster entry using the {{I:ldapadd}} tool, you
|
|
|
|
could create a file called {{EX:/tmp/newentry}} with the contents:
|
|
|
|
|
|
|
|
|
1999-04-25 07:11:27 +08:00
|
|
|
E: dc=OpenLDAP, dc=org
|
|
|
|
E: objectClass=dcObject
|
1999-04-24 07:00:44 +08:00
|
|
|
E: objectClass=organization
|
1999-04-25 07:11:27 +08:00
|
|
|
E: dc=OpenLDAP
|
|
|
|
E: o=OpenLDAP
|
|
|
|
E: o=OpenLDAP Project
|
|
|
|
E: o=OpenLDAP Foundation
|
|
|
|
E: description=The OpenLDAP Foundation
|
|
|
|
E: description=The OpenLDAP Project
|
|
|
|
E:
|
|
|
|
E: cn=Postmaster, dc=OpenLDAP, dc=org
|
1999-04-24 07:00:44 +08:00
|
|
|
E: objectClass=organizationalRole
|
|
|
|
E: cn=Postmaster
|
1999-04-25 07:11:27 +08:00
|
|
|
E: description=OpenLDAP Postmaster <Postmaster@OpenLDAP.org>
|
1999-04-24 07:00:44 +08:00
|
|
|
|
|
|
|
and then use a command like this to actually create the
|
|
|
|
entry:
|
|
|
|
|
1999-05-03 09:19:22 +08:00
|
|
|
E: ldapadd -f /tmp/newentry -D "cn=Manager, dc=OpenLDAP, dc=org" -w secret
|
1999-04-24 07:00:44 +08:00
|
|
|
|
|
|
|
The above command assumes that you have set {{EX: rootdn}} to
|
1999-04-25 07:11:27 +08:00
|
|
|
"cn=Manager, dc=OpenLDAP, dc=org" and {{EX: rootpw}}
|
1999-04-24 07:00:44 +08:00
|
|
|
to "secret".
|
|
|
|
|
1999-05-03 09:19:22 +08:00
|
|
|
|
1999-04-24 07:00:44 +08:00
|
|
|
H2: Creating a database off-line
|
|
|
|
|
|
|
|
The second method of database creation is to do it off-line,
|
|
|
|
using the index generation tools described below. This
|
|
|
|
method is best if you have many thousands of entries to
|
|
|
|
create, which would take an unacceptably long time using
|
|
|
|
the LDAP method described above. These tools read the
|
|
|
|
slapd configuration file and an input file containing a text
|
|
|
|
representation of the entries to add. They produce the LDBM
|
|
|
|
index files directly. There are several important configuration
|
|
|
|
options you will want to be sure and set in the config file
|
|
|
|
database definition first:
|
|
|
|
|
|
|
|
E: suffix <dn>
|
|
|
|
|
|
|
|
As described in the preceding section, this option says what
|
|
|
|
entries are to be held by this database. You should set this
|
|
|
|
to the DN of the root of the subtree you are trying to create.
|
|
|
|
For example
|
|
|
|
|
1999-04-25 07:11:27 +08:00
|
|
|
E: suffix "dc=OpenLDAP, dc=org"
|
1999-04-24 07:00:44 +08:00
|
|
|
|
|
|
|
You should be sure to specify a directory where the index
|
|
|
|
files should be created:
|
|
|
|
|
|
|
|
E: directory <directory>
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
1999-04-25 07:11:27 +08:00
|
|
|
E: directory /usr/local/var/openldap
|
1999-04-24 07:00:44 +08:00
|
|
|
|
|
|
|
Next, you probably want to increase the size of the in-core
|
|
|
|
cache used by each open index file. For best performance
|
|
|
|
during index creation, the entire index should fit in memory. If
|
|
|
|
your data is too big for this, or your memory too small, you
|
|
|
|
can still make it pretty big and let the paging system do the
|
|
|
|
work. This size is set with the following option:
|
|
|
|
|
|
|
|
E: dbcachesize <integer>
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
E: dbcachesize 50000000
|
|
|
|
|
|
|
|
This would create a cache 50 MB big, which is pretty big (at
|
|
|
|
U-M, our database has about 125K entries, and our biggest
|
|
|
|
index file is about 45 MB). Experiment with this number a bit,
|
|
|
|
and the degree of parallelism (explained below), to see what
|
|
|
|
works best for your system. Remember to turn this number
|
|
|
|
back down once your index files are created and before you
|
|
|
|
run slapd.
|
|
|
|
|
|
|
|
Finally, you need to specify which indexes you want to build.
|
|
|
|
This is done by one or more index options.
|
|
|
|
|
|
|
|
E: index {<attrlist> | default} [pres,eq,approx,sub,none]
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
E: index cn,sn,uid pres,eq,approx
|
|
|
|
E: index default none
|
|
|
|
|
|
|
|
This would create presence, equality and approximate
|
|
|
|
indexes for the cn, sn, and uid attributes, and no indexes for
|
|
|
|
any other attributes. See the configuration file section for
|
|
|
|
more information on this option.
|
|
|
|
|
|
|
|
H3: The {{EX: ldif2ldbm}} program
|
|
|
|
|
|
|
|
Once you've configured things to your liking, you create the
|
|
|
|
indexes by running the ldif2ldbm program:
|
|
|
|
|
|
|
|
E: ldif2ldbm -i <inputfile> -f <slapdconfigfile>
|
|
|
|
E: [-d <debuglevel>] [-j <integer>]
|
|
|
|
E: [-n <databasenumber>] [-e <etcdir>]
|
|
|
|
|
|
|
|
The arguments have the following meanings:
|
|
|
|
|
|
|
|
E: -i <inputfile>
|
|
|
|
|
|
|
|
Specifies the LDIF input file containing the entries to add in
|
|
|
|
text form (described below in Section 8.3).
|
|
|
|
|
|
|
|
E: -f <slapdconfigfile>
|
|
|
|
|
|
|
|
Specifies the slapd configuration file that tells where to
|
|
|
|
create the indexes, what indexes to create, etc.
|
|
|
|
|
|
|
|
E: -d <debuglevel>
|
|
|
|
|
|
|
|
Turn on debugging, as specified by {{EX: <debuglevel>}}. The
|
|
|
|
debug levels are the same as for slapd (see Section 6.1).
|
|
|
|
|
|
|
|
E: -j <integer>
|
|
|
|
|
|
|
|
An optional argument that specifies that at most {{EX: <integer>}}
|
|
|
|
processes should be started in parallel when building the
|
|
|
|
indexes. The default is 1. If set to a value greater than one,
|
|
|
|
{{I: ldif2ldbm}} will create at most that many subprocesses at a
|
|
|
|
time when building the indexes. A separate subprocess is
|
|
|
|
created to build each attribute index. Running these
|
|
|
|
processes in parallel can speed things up greatly, but
|
|
|
|
beware of creating too many processes, all competing for
|
|
|
|
memory and disk resources.
|
|
|
|
|
|
|
|
E: -n <databasenumber>
|
|
|
|
|
|
|
|
An optional argument that specifies the configuration file
|
|
|
|
database for which to build indices. The first database listed
|
|
|
|
is "1", the second "2", etc. By default, the first ldbm database
|
|
|
|
in the configuration file is used.
|
|
|
|
|
|
|
|
E: -e <etcdir>
|
|
|
|
|
|
|
|
An optional argument that specifies the directory where
|
|
|
|
{{EX: ldif2ldbm}} can find the other database conversion tools it
|
|
|
|
needs to execute ({{EX: ldif2index}} and friends). The default is the
|
|
|
|
installation {{EX: ETCDIR}}.
|
|
|
|
|
|
|
|
The next sections describe the programs invoked by
|
|
|
|
{{I: ldif2ldbm}} when it is building indexes. Normally, these
|
|
|
|
programs are invoked for you, but occasionally you may
|
|
|
|
want to invoke them yourself.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
H3: The {{EX: ldif2index}} program
|
|
|
|
|
|
|
|
Sometimes it may be necessary to create a new attribute
|
|
|
|
index file without disturbing the rest of the database. This is
|
|
|
|
possible using the {{EX: ldif2index}} program. {{EX: ldif2index}} is invoked
|
|
|
|
like this
|
|
|
|
|
|
|
|
E: ldif2index -i <inputfile> -f <slapdconfigfile>
|
|
|
|
E: [-d <debuglevel>] [-n <databasenumber>] <attr>
|
|
|
|
|
|
|
|
Where the -i, -f, -d, and -n options are the same as for the
|
|
|
|
{{I: ldif2ldbm}} program. {{EX: <attr>}} is the attribute to build an index for.
|
|
|
|
Which indexes are built (e.g., equality, substring, etc.) is
|
|
|
|
controlled by the corresponding index line in the slapd
|
|
|
|
configuration file.
|
|
|
|
|
|
|
|
You can use the ldbmcat program to create a suitable LDIF
|
|
|
|
input file from an existing LDBM database.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
H3: The {{EX: ldif2id2entry}} program
|
|
|
|
|
|
|
|
The {{EX: ldif2id2entry}} program is normally invoked from {{EX: ldif2ldbm}}.
|
|
|
|
It is used to convert an LDIF text file into an {{EX: id2entry}} index.
|
|
|
|
It is unlikely that you would need to invoke it yourself, but if
|
|
|
|
you do it works like this
|
|
|
|
|
|
|
|
E: ldif2id2entry -i <inputfile> -f <slapdconfigfile>
|
|
|
|
E: [-d <debuglevel>] [-n <databasenumber>]
|
|
|
|
|
|
|
|
The arguments are the same as for the {{EX: ldif2ldbm}} program.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
H3: The {{EX: ldif2id2children}} program
|
|
|
|
|
|
|
|
The {{EX: ldif2id2children}} program is normally invoked from
|
|
|
|
{{EX: ldif2ldbm}}. It is used to convert an LDIF text file into
|
|
|
|
{{EX: id2children}} and {{EX: dn2id}} indexes. Occasionally, it may be
|
|
|
|
necessary to run this program yourself, for example if one of
|
|
|
|
these indexes has become corrupted. {{EX: ldif2id2children}} is
|
|
|
|
invoked like this
|
|
|
|
|
|
|
|
E: ldif2id2children -i <inputfile> -f <slapdconfigfile>
|
|
|
|
E: [-d <debuglevel>] [-n <databasenumber>]
|
|
|
|
|
|
|
|
The arguments are the same as for the {{EX: ldif2ldbm}} program.
|
|
|
|
You can use the ldbmcat program to create a suitable LDIF
|
|
|
|
input file from an existing LDBM database.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
H3: The {{EX: ldbmcat}} program
|
|
|
|
|
|
|
|
The {{EX: ldbmcat}} program is used to convert an {{EX: id2entry}} index
|
|
|
|
back into its LDIF text format. This can be useful when you
|
|
|
|
want to make a human-readable backup of your database,
|
|
|
|
or as an intermediate step in creating a new index using the
|
|
|
|
{{EX: ldif2index}} program. The program is invoked like this:
|
|
|
|
|
|
|
|
E: ldbmcat [-n] <filename>
|
|
|
|
|
|
|
|
where {{EX: <filename>}} is the name of the {{EX: id2entry}} index file. The
|
|
|
|
corresponding LDIF output is written to standard output.
|
|
|
|
|
|
|
|
The -n option can be used to prevent the printing of entry
|
|
|
|
IDs in the LDIF format. If you are creating an LDIF format for
|
|
|
|
use as input to {{EX: ldif2index}} or anything by {{EX: ldif2ldbm}}, you
|
|
|
|
should not use the -n option (because the entry IDs must
|
|
|
|
match those already in the id2entry file). If you are just
|
|
|
|
making a backup of your data, you can use the -n option to
|
|
|
|
save space.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
H3: The {{EX: ldif}} program
|
|
|
|
|
|
|
|
The ldif program is used to convert arbitrary data values to
|
|
|
|
LDIF format. This can be useful when writing a program or
|
|
|
|
script to create the LDIF file you will feed into the ldif2ldbm
|
|
|
|
program, or when writing a SHELL backend. ldif takes an
|
|
|
|
attribute name as an argument, and reads the attribute
|
|
|
|
value(s) from standard input. It produces the LDIF formatted
|
|
|
|
attribute line(s) on standard output. The usage is:
|
|
|
|
|
|
|
|
E: ldif [-b] <attrname>
|
|
|
|
|
|
|
|
where {{EX: <attrname>}} is the name of the attribute. Without the
|
|
|
|
-b option, ldif considers each line of standard input to be a
|
|
|
|
separate value of the attribute.
|
|
|
|
|
|
|
|
The -b option can be used to force ldif to interpret its input
|
|
|
|
as a single raw binary value. This option is useful when
|
|
|
|
converting binary data such as a {{EX: jpegPhoto}} or {{EX: audio}}
|
|
|
|
attribute.
|
|
|
|
|
|
|
|
|
|
|
|
H2: The LDIF text entry format
|
|
|
|
|
|
|
|
The LDAP Data Interchange Format (LDIF) is used to
|
|
|
|
represent LDAP entries in a simple text format. The basic
|
|
|
|
form of an entry is:
|
|
|
|
|
|
|
|
E: [<id>]
|
|
|
|
E: dn: <distinguished name>
|
|
|
|
E: <attrtype>: <attrvalue>
|
|
|
|
E: <attrtype>: <attrvalue>
|
|
|
|
E:
|
|
|
|
E: ...
|
|
|
|
|
|
|
|
where {{EX: <id>}} is the optional entry ID (a positive decimal
|
|
|
|
number). Normally, you would not supply the {{EX: <id>}}, allowing
|
|
|
|
the database creation tools to do that for you. The ldbmcat
|
|
|
|
program, however, produces an LDIF format that includes
|
|
|
|
{{EX: <id>}} so that new indexes created will be consistent.
|
|
|
|
|
|
|
|
A line may be continued by starting the next line with a
|
|
|
|
single space or tab character. e.g.,
|
|
|
|
|
1999-04-25 07:11:27 +08:00
|
|
|
E: dn: cn=Barbara J Jensen, dc=OpenLDAP, dc=org
|
1999-04-24 07:00:44 +08:00
|
|
|
|
|
|
|
Multiple attribute values are specified on separate lines. e.g.,
|
|
|
|
|
|
|
|
E: cn: Barbara J Jensen
|
|
|
|
E: cn: Babs Jensen
|
|
|
|
|
|
|
|
If an {{EX: <attrvalue>}} contains a non-printing character, or
|
|
|
|
begins with a space or a colon `:', the {{EX: <attrtype>}} is followed
|
|
|
|
by a double colon and the value is encoded in base 64
|
|
|
|
notation. e.g., the value " begins with a space" would be
|
|
|
|
encoded like this:
|
|
|
|
|
|
|
|
E: cn:: IGJlZ2lucyB3aXRoIGEgc3BhY2U=
|
|
|
|
|
|
|
|
Multiple entries within the same LDIF file are separated by
|
|
|
|
blank lines. Here's an example of an LDIF file containing
|
|
|
|
three entries.
|
|
|
|
|
1999-04-25 07:11:27 +08:00
|
|
|
E: dn: cn=Barbara J Jensen, dc=OpenLDAP, dc=org
|
1999-04-24 07:00:44 +08:00
|
|
|
E: cn: Barbara J Jensen
|
|
|
|
E: cn: Babs Jensen
|
|
|
|
E: objectclass: person
|
|
|
|
E: sn: Jensen
|
|
|
|
E:
|
|
|
|
E:
|
1999-04-25 07:11:27 +08:00
|
|
|
E: dn: cn=Bjorn J Jensen, dc=OpenLDAP, dc=org
|
1999-04-24 07:00:44 +08:00
|
|
|
E: cn: Bjorn J Jensen
|
|
|
|
E: cn: Bjorn Jensen
|
|
|
|
E: objectclass: person
|
|
|
|
E: sn: Jensen
|
|
|
|
E:
|
1999-04-25 07:11:27 +08:00
|
|
|
E: dn: cn=Jennifer J Jensen, dc=OpenLDAP, dc=org
|
1999-04-24 07:00:44 +08:00
|
|
|
E: cn: Jennifer J Jensen
|
|
|
|
E: cn: Jennifer Jensen
|
|
|
|
E: objectclass: person
|
|
|
|
E: sn: Jensen
|
|
|
|
E: jpegPhoto:: /9j/4AAQSkZJRgABAAAAAQABAAD/2wBDABALD
|
|
|
|
E: A4MChAODQ4SERATGCgaGBYWGDEjJR0oOjM9PDkzODdASFxOQ
|
|
|
|
E: ERXRTc4UG1RV19iZ2hnPk1xeXBkeFxlZ2P/2wBDARESEhgVG
|
|
|
|
E:
|
|
|
|
E: ...
|
|
|
|
|
|
|
|
Notice that the {{EX: jpegPhoto}} in Jennifer Jensen's entry is
|
|
|
|
encoded using base 64. The {{EX: ldif}} program (described in
|
|
|
|
Section 8.2.6) can be used to produce the LDIF format.
|
|
|
|
|
|
|
|
Note: Trailing spaces are not trimmed from values in an
|
|
|
|
LDIF file. Nor are multiple internal spaces compressed. If
|
|
|
|
you don't want them in your data, don't put them there.
|
|
|
|
|
|
|
|
|
|
|
|
H2: Converting from QUIPU EDB format to LDIF format
|
|
|
|
|
|
|
|
If you have directory data that is or was held in a QUIPU
|
|
|
|
DSA (available as part of the ISODE package), you will want
|
|
|
|
to convert the EDB files used by QUIPU into an LDIF file.
|
|
|
|
The edb2ldif program is provided to do most of the
|
|
|
|
conversion for you. Once you have an LDIF file, you should
|
|
|
|
follow the steps outlined in section 6.2 above to build an
|
|
|
|
LDBM database for slapd.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
H3: The {{EX: edb2ldif}} program
|
|
|
|
|
|
|
|
The edb2ldif program is invoked like this:
|
|
|
|
|
|
|
|
E: edb2ldif [-d] [-v] [-r] [-o] [-b <basedn>]
|
|
|
|
E: [-a <addvalsfile>] [-f <fileattrdir>]
|
|
|
|
E: [-i <ignoreattr...>] [<edbfile...>]
|
|
|
|
|
|
|
|
The LDIF data is written to standard output. The arguments
|
|
|
|
have the following meanings:
|
|
|
|
|
|
|
|
E: -d
|
|
|
|
|
|
|
|
This option enables some debugging output on standard
|
|
|
|
error.
|
|
|
|
|
|
|
|
E: -v
|
|
|
|
|
|
|
|
Enable verbose mode that writes status information to
|
|
|
|
standard error, such as which EDB file is being processed,
|
|
|
|
how many entries have been converted so far, etc.
|
|
|
|
|
|
|
|
E: -r
|
|
|
|
|
|
|
|
Recurse through child directories, processing all EDB files
|
|
|
|
found.
|
|
|
|
|
|
|
|
E: -o
|
|
|
|
|
|
|
|
Cause local .add file definitions to override the global addfile
|
|
|
|
(see -a below)
|
|
|
|
|
|
|
|
E: -b <basedn>
|
|
|
|
|
|
|
|
Specify the Distinguished Name that all EDB file entries
|
|
|
|
appear below.
|
|
|
|
|
|
|
|
E: -a <addvalsfile>
|
|
|
|
|
|
|
|
The LDIF information contained in this file will be appended
|
|
|
|
to each entry.
|
|
|
|
|
|
|
|
E: -f <fileattrdir>
|
|
|
|
|
|
|
|
Specify a single directory where all file-based attributes
|
|
|
|
(typically sounds and images) can be found. If this option is
|
|
|
|
not given, file attributes are assumed to be located in the
|
|
|
|
same directory as the EDB file that refers to them.
|
|
|
|
|
|
|
|
E: -i <ignoreattr>
|
|
|
|
|
|
|
|
Specify an attribute that should not be converted. You can
|
|
|
|
include as many -i flags as necessary.
|
|
|
|
|
|
|
|
E: <edbfile>
|
|
|
|
|
|
|
|
Specify a particular EDB file (or files) to read data from. By
|
|
|
|
default, the EDB.root (if it exists) and EDB files in the current
|
|
|
|
directory are used.
|
|
|
|
|
|
|
|
When {{EX: edb2ldif}} is invoked, it will also look for files named
|
|
|
|
.add in the directories where EDB files are found and append
|
|
|
|
the contents of the .add file to each entry. Typically, this
|
|
|
|
feature is used to include inherited attribute values (e.g.,
|
|
|
|
{{EX: objectClass}}) that do not appear in the EDB files.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
H3: Step-by-step EDB to LDIF conversion
|
|
|
|
|
|
|
|
The basic steps to follow when converting your EDB format
|
|
|
|
data to an LDIF file are:
|
|
|
|
|
|
|
|
^ Locate the directory at the top of the EDB file hierarchy
|
1999-05-03 09:19:22 +08:00
|
|
|
that your QUIPU DSA masters. The EDB file located there
|
|
|
|
should contain the entries for the first level of your
|
|
|
|
organization or organizational unit. If you are using an
|
|
|
|
indexed database with QUIPU, you may need to create EDB
|
|
|
|
files from your index files (using the synctree or qb2edb
|
|
|
|
tools).
|
|
|
|
|
|
|
|
|
|
|
|
+ If you do not have a file named EDB.root in the same
|
|
|
|
directory that contains your organizational or organizational
|
|
|
|
unit entry, create it now by hand. Its contents should look
|
|
|
|
something like this:
|
|
|
|
|
1999-04-24 07:00:44 +08:00
|
|
|
.{{EX: MASTER}}
|
|
|
|
.{{EX: 000001}}
|
|
|
|
.{{EX: }}
|
1999-04-25 07:11:27 +08:00
|
|
|
.{{EX: o=OpenLDAP}}
|
1999-04-24 07:00:44 +08:00
|
|
|
.{{EX: objectClass= top & organization & domainRelatedObject &\}}
|
|
|
|
.{{EX: quipuObject & quipuNonLeafObject}}
|
1999-04-25 07:11:27 +08:00
|
|
|
.{{EX: l= Redwood City, California}}
|
|
|
|
.{{EX: st= California}}
|
|
|
|
.{{EX: o=OpenLDAP Project & OpenLDAP Foundation & OpenLDAP}}
|
|
|
|
.{{EX: description=The OpenLDAP Project}}
|
|
|
|
.{{EX: associatedDomain= openldap.org}}
|
1999-04-24 07:00:44 +08:00
|
|
|
.{{EX: masterDSA= c=US@cn=Woolly Monkey}}
|
|
|
|
.{{EX: }}
|
|
|
|
|
|
|
|
+ (Optional) Create a global add file and/or local .add files to
|
1999-05-03 09:19:22 +08:00
|
|
|
take care of adding any attribute values that do not appear in
|
|
|
|
the EDB files. For example, if all entries in a particular EDB
|
|
|
|
are person entries and you want to add the appropriate
|
|
|
|
objectClass attribute value for them, create a file called .add
|
|
|
|
in the same directory as the person EDB that contains the
|
|
|
|
single line:
|
|
|
|
|
1999-04-24 07:00:44 +08:00
|
|
|
.{{EX: objectClass: person }}
|
1999-05-03 09:19:22 +08:00
|
|
|
|
1999-04-24 07:00:44 +08:00
|
|
|
|
|
|
|
+ Run the edb2ldif program to do the actual conversion.
|
1999-05-03 09:19:22 +08:00
|
|
|
Make sure you are in the directory that contains the root of
|
|
|
|
the EDB hierarchy (the one where the EDB.root file resides).
|
|
|
|
Include a -b flag with a base DN one level above your
|
|
|
|
organizational entry, and include -i flags to ignore any
|
|
|
|
attributes that are not useful to slapd. E.g., the command:
|
|
|
|
|
1999-04-24 07:00:44 +08:00
|
|
|
.{{EX: edb2ldif -v -r -b "c=US" -i iattr -i acl -i xacl -i sacl}}
|
|
|
|
.{{EX: -i lacl -i masterDSA -i slaveDSA > ldif}}
|
1999-05-03 09:19:22 +08:00
|
|
|
|
|
|
|
will convert the entire EDB hierarchy to LDIF format and
|
|
|
|
write the result to a file named ldif. Some attributes that are
|
|
|
|
not useful when running slapd are ignored. The EDB
|
|
|
|
hierarchy is assumed to reside logically below the base DN
|
|
|
|
"c=US".
|
1999-04-24 07:00:44 +08:00
|
|
|
|
|
|
|
+ Follow the steps outlined in section 8.2 above to produce
|
1999-05-03 09:19:22 +08:00
|
|
|
an LDBM database from your new LDIF file.
|
1999-04-24 07:00:44 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
H2: The ldbmtest program
|
|
|
|
|
|
|
|
Occasionally you may find it useful to look at the LDBM
|
|
|
|
database and index files directly (i.e., without going through
|
|
|
|
slapd). The {{EX: ldbmtest}} program is provided for this purpose. It
|
|
|
|
gives you raw access to the database itself. {{EX: ldbmtest}} should
|
|
|
|
be run line this:
|
|
|
|
|
|
|
|
E: ldbmtest [-d <debuglevel>] [-f <slapdconfigfile>]
|
|
|
|
|
|
|
|
The default configuration file in the {{EX: ETCDIR}} is used if you
|
|
|
|
don't supply one. By default, ldbmtest operates on the last
|
|
|
|
database listed in the config file. You can specify an
|
|
|
|
alternate database, or see the current database with the
|
|
|
|
following commands.
|
|
|
|
|
|
|
|
E: b specify an alternate backend database
|
|
|
|
E: B print out the current backend database
|
|
|
|
|
|
|
|
The {{EX: b}} command will prompt you for the suffix associated with
|
|
|
|
the database you want. The database you select can be
|
|
|
|
viewed and modified using a set of two-letter commands.
|
|
|
|
The first letter selects the command function to perform.
|
|
|
|
Possible commands and their meanings are as follows.
|
|
|
|
|
|
|
|
E: l lookup (do not follow indirection)
|
|
|
|
E: L lookup (follow indirection)
|
|
|
|
E: t traverse and print keys and data
|
|
|
|
E: T traverse and print keys only
|
|
|
|
E: x delete an index item
|
|
|
|
E: e edit an index item
|
|
|
|
E: a add an index item
|
|
|
|
E: c create an index file
|
|
|
|
E: i insert an entry into an index item
|
|
|
|
|
|
|
|
The second letter indicates which index the command
|
|
|
|
applies to. The possible index selections are as follows.
|
|
|
|
|
|
|
|
E: c id2children index
|
|
|
|
E: d dn2id index
|
|
|
|
E: e id2entry index
|
|
|
|
E: f arbitrary file name
|
|
|
|
E: i attribute index
|
|
|
|
|
|
|
|
Each command may require additional arguments which
|
|
|
|
ldbmtest will prompt you for.
|
|
|
|
|
|
|
|
To exit {{EX: ldbmtest}}, type {{EX: control-D}} or {{EX: control-C}}.
|
|
|
|
|
|
|
|
Note that this is a very raw interface originally developed
|
|
|
|
when testing the database format. It is provided and
|
|
|
|
minimally documented here for interested parties, but it is not
|
|
|
|
meant to be used by the inexperienced. See the next section
|
|
|
|
for a brief description of the LDBM database format.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
H2: The LDBM database format
|
|
|
|
|
|
|
|
In normal operation, it is not necessary for you to know much
|
|
|
|
about the LDBM database format. If you are going to use the
|
|
|
|
ldbmtest program to look at or alter the database, or if you
|
|
|
|
want a deeper understanding of how indexes are maintained,
|
|
|
|
some knowledge of how it works could be useful. This
|
|
|
|
section gives an overview of the database format and how
|
|
|
|
slapd makes use of it.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
H3: Overview
|
|
|
|
|
|
|
|
The LDBM database works by assigning a compact
|
|
|
|
four-byte unique identifier to each entry in the database. It
|
|
|
|
uses this identifier to refer to entries in indexes. The
|
|
|
|
database consists of one main index file, called id2entry,
|
|
|
|
which maps from an entry's unique identifier (EID) to a text
|
|
|
|
representation of the entry itself. Other index files are
|
|
|
|
maintained, for each indexed attribute for example, that map
|
|
|
|
values people are likely to search on to lists of EIDs.
|
|
|
|
|
|
|
|
Using this simple scheme, many LDAP queries can be
|
|
|
|
answered efficiently. For example, to answer a search for
|
|
|
|
entries with a surname of "Jensen", slapd would first consult
|
|
|
|
the surname attribute index, look up the value "Jensen" and
|
|
|
|
retrieve the corresponding list of EIDs. Next, slapd would
|
|
|
|
look up each EID in the id2entry index, retrieve the
|
|
|
|
corresponding entry, convert it from text to LDAP format, and
|
|
|
|
return it to the client.
|
|
|
|
|
|
|
|
The following sections give a very brief overview of each
|
|
|
|
type of index and what it contains. For more detailed
|
|
|
|
information see the paper "An X.500 and LDAP Database:
|
|
|
|
Design and Implementation," available in postscript format
|
|
|
|
from
|
1999-05-03 09:19:22 +08:00
|
|
|
{{URL:ftp://terminator.rs.itd.umich.edu/ldap/papers/xldbm.ps}}
|
1999-04-24 07:00:44 +08:00
|
|
|
|
|
|
|
|
|
|
|
H3: Attribute index format
|
|
|
|
|
|
|
|
The LDBM backend will maintain one index file for each
|
|
|
|
attribute it is asked to index. Several sets of keys must
|
|
|
|
coexist in this file (e.g., keys for equality and approximate
|
|
|
|
equality), so the keys are prefixed with a character to ensure
|
|
|
|
uniqueness. The prefixes are given in the table below
|
|
|
|
|
|
|
|
E: = equality keys
|
|
|
|
E: ~ approximate equality keys
|
|
|
|
E: * substring equality keys
|
|
|
|
E: \ continuation keys
|
|
|
|
|
|
|
|
Key values are also normalized (e.g., converted to upper
|
|
|
|
case for case ignore attributes). So, for example, to look up
|
|
|
|
the surname equality value in the example above using the
|
|
|
|
ldbmtest program, you would look up the value "{{EX: =JENSEN}}".
|
|
|
|
|
|
|
|
Substring indexes are maintained by generating all possible
|
|
|
|
N-character substrings for a value (N is 3 by default). These
|
|
|
|
substrings are then stored in the attribute index, prefixed by
|
|
|
|
"*". Additional anchors of "^" and "$" are added at the
|
|
|
|
beginning and end of words. So, for example the surname of
|
|
|
|
Jensen would cause the following keys to be entered in the
|
|
|
|
index: {{EX: ^JE, JEN, ENS, NSE, SEN, EN$}}.
|
|
|
|
|
|
|
|
Approximate values are handled in a similar way, with
|
|
|
|
phonetic codes being generated for each word in a value
|
|
|
|
and then stored in the index, prefixed by "~".
|
|
|
|
|
|
|
|
Large blocks in the index are split into smaller ones. The
|
|
|
|
smaller blocks are accessed through a level of indirection
|
|
|
|
provided by the original block. They are stored in the index
|
|
|
|
using the continuation key prefix of "\".
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
H3: Other indexes
|
|
|
|
|
|
|
|
In addition to the {{EX: id2entry}} and attribute indexes, LDBM
|
|
|
|
maintains a number of other indexes, including the {{EX: dn2id}}
|
|
|
|
index and the {{EX: id2children}} index. These indexes provide the
|
|
|
|
mapping between a DN and the corresponding EID, and the
|
|
|
|
mapping between an EID and the EIDs of the corresponding
|
|
|
|
entry's children, respectively.
|
|
|
|
|
|
|
|
The {{EX: dn2id}} index stores normalized DNs as keys. The data
|
|
|
|
stored is the corresponding EID.
|
|
|
|
|
|
|
|
The {{EX: id2children}} index stores EIDs as keys. The data stored
|
|
|
|
is a list of EIDs, just as for the attribute indexes.
|
|
|
|
|
|
|
|
|