Does anyone use nscd?

Matthew Seaman m.seaman at infracaninophile.co.uk
Wed Oct 5 09:37:00 UTC 2011


On 05/10/2011 09:43, Dag-Erling Smørgrav wrote:
> While we're at it, I'd be very grateful if someone could email me a
> quick and dirty guide to setting up an LDAP server for testing.  I have
> too much on my plate right now to start reading documentation...

The Quick Start guide on the OpenLDAP site is pretty good:

http://www.openldap.org/doc/admin24/quickstart.html

although steps 1 -- 8 just boil down to 'install from ports' on FreeBSD.

Notes:

1) Don't enable SASL -- it adds a lot of complexity but doesn't change
anything fundamental in the way LDAP works for testing purposes.

2) The default schemas include inetOrgPerson and Posix, which is enough to
deal with basic Unix users and groups.  If you want to do anything more
advanced (e.g. sudo related or OpenSSH LPK patches) then you'll need to
import some external schema.  I recommend always copying the schema
files into $PREFIX/etc/openldap/schema or else casually removing a port
could prevent your slapd from restarting days or weeks later...

3) The structure of an LDAP tree is site-specific and can be quite
different between different organizations, but in essence it consists of
sorting and grouping various classes of objects into various
subdirectories of your directory tree.  For testing purposes, impose at
least a minimal amount of structure.  As the quick start guide suggests,
use the dc=example,dc=com form based on your domain name to root your
LDAP tree.  Within that, create some sub-directories 'ou=Users',
'ou=Groups', 'ou=Hosts' for storing objects of the appropriate types.
This should provide a reasonable parallel to what most people would use
in production.

4) ACLs and permissions are pretty complex in LDAP.  This is something
where you are going to have to spend some quality time with the manuals,
I'm afraid.

5) phpldapadmin is a pretty good tool for populating a directory with
test data.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew at infracaninophile.co.uk               Kent, CT11 9PW
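
Added example, not part of the original message or of OpenLDAP: a shell sketch that generates LDIF for the minimal test tree described in note 3 (a suffix derived from the domain name, plus ou=Users, ou=Groups and ou=Hosts) and one test user and group. The function names, the testuser/testgroup entries and the ID 10000 are constructed for illustration; the user entry assumes the inetOrgPerson and nis (Posix) schemas are loaded in slapd.

```shell
# Derive the directory suffix from a DNS domain: example.com -> dc=example,dc=com
domain_to_suffix() {
    printf 'dc=%s\n' "$1" | sed 's/\./,dc=/g'
}

# Emit the root entry and the three containers suggested for a test tree.
base_ldif() {
    suffix=$(domain_to_suffix "$1")
    cat <<EOF
dn: $suffix
objectClass: dcObject
objectClass: organization
o: $1
dc: ${1%%.*}

EOF
    for ou in Users Groups Hosts; do
        cat <<EOF
dn: ou=$ou,$suffix
objectClass: organizationalUnit
ou: $ou

EOF
    done
}

# Emit one constructed Unix user and its group (sample values, not real accounts).
test_entries_ldif() {
    suffix=$(domain_to_suffix "$1")
    cat <<EOF
dn: uid=testuser,ou=Users,$suffix
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Test User
sn: User
uid: testuser
uidNumber: 10000
gidNumber: 10000
homeDirectory: /home/testuser

dn: cn=testgroup,ou=Groups,$suffix
objectClass: posixGroup
cn: testgroup
gidNumber: 10000
memberUid: testuser
EOF
}
```

Redirect the output of `base_ldif example.com` and `test_entries_ldif example.com` to a file and load it with `ldapadd -x -D <your rootdn> -W -f <file>`; the rootdn is whatever your slapd configuration defines.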
