Hi Dan White and Peter Gietz.

Thanks for your kind pointers in the right direction. Now I finally got it. :-)

My goal was to set up openldap using only the dynamic configuration style. So I had to start from absolutely zero, everything else is considered cheating. :-)

One of the first obstacles was an error telling me that my database did not accept slapadd. But it seems this error is not accurate, because if I start by using a config.ldif that's empty I get the same error. Finally I figured out, with the help of some logic of my own and using the man pages for openldap, that I had to be sure to set the correct user on my data directory as well as on my /etc/openldap/*.

Another problem loading my config.ldif is the slapadd command. In several places the syntax was like this:

    slapadd -d -1 -F /etc/openldap/slapd.d -F /etc/openldap/config.ldif

That is wrong, the correct syntax is like this:

    slapadd -d -1 -F /etc/openldap/slapd.d -n 0 -l /etc/openldap/config.ldif

Next problem that showed up was the hash sign #. For some reason I had put # on line 1 in my config.ldif. This is a no-no, it turns out. I also did use a line with only one # between the different blocks in my config, that also gave me problems. So after removing all # from my config, my config seemed to work but slapd still would not start. I finally found out that the schema block was special. Special in that regard that I had to have an empty line between the schema block and the include command.

By the way, it seems ok to have a line start with a #, then a space, then some text without getting into trouble. Like this:

    # This is a comment

So anyway, this is my config.ldif.
    dn: cn=config
    objectClass: olcGlobal
    cn: config
    olcPidFile: /run/slapd.pid
    olcArgsFile: /run/slapd.args
    olcAttributeOptions: x-hidden lang-

    dn: cn=module,cn=config
    objectClass: olcModuleList
    cn: module
    olcModulepath: /usr/lib/openldap
    olcModuleload: back_bdb.la
    olcModuleload: back_hdb.la
    olcModuleload: back_ldap.la

    dn: cn=schema,cn=config
    objectClass: olcSchemaConfig
    cn: schema

    include: file:///etc/openldap/schema/core.ldif

    dn: olcDatabase=frontend,cn=config
    objectClass: olcDatabaseConfig
    objectClass: olcFrontendConfig
    olcDatabase: frontend
    olcAccess: to attrs=name;x-hidden by * =cs
    olcAccess: to attrs=userPassword by * auth
    olcAccess: to * by * read

    dn: olcDatabase=config,cn=config
    objectClass: olcDatabaseConfig
    olcDatabase: config
    olcRootPW: secret
    olcAccess: to * by * none

    dn: olcDatabase=hdb,cn=config
    objectClass: olcDatabaseConfig
    objectClass: olcHdbConfig
    olcDatabase: hdb
    olcSuffix: dc=example,dc=intra
    olcDbDirectory: /srv/ldap/openldap-data
    olcDbIndex: objectClass eq
    olcDbIndex: cn,sn,mail pres,eq,approx,sub

So thanks for your help, and I myself consider this problem solved.

Regards
Sonny

On 19 Feb 2014, at 20:07, Dan White <dwhite@olp.net> wrote:

> On 02/19/14 18:29 +0100, Sonny Taberman wrote:
>> Hi all ldap people.
>> I have been trying this new way of configuring a slapd server from scratch. Sorry to say, total failure on my side. I'm not sure where to begin.
>> I have built a linux system from LFS Linux from scratch. So I want to install openldap from source, so far no problems.
>> When my installation is done I have a directory in /etc/ named openldap and the content inside is this:
>>
>> DB_CONFIG.example
>> ldap.conf
>> ldap.conf.default
>> schema
>> slapd.conf
>> slapd.conf.default
>> slapd.ldif
>> slapd.ldif.default
>>
>> To start configuring my slapd using slapd.conf there is no problem. Actually I'm beginning to think I'm pretty good at this. :-)
>> But then I try to read all I can find about configuring a new slapd using slapd.ldif, not that easy.
>> I understand that I need a new directory named slapd.d. After that I have no clue.
>> I guess something is hardcoded in slapd but what am I supposed to do next?
>> How can I communicate with slapd? I guess I have to define a password somewhere for a manager or administrator, but how and where?
>> Is there a tutorial somewhere?
>> All I need is how to start. :-)
>
> See slapd(8), slaptest(5), slapd-config(5), ldap.conf(5), and chapter 5 of
> the OpenLDAP Software 2.4 Administrator's Guide.
>
> In short:
>
> mkdir <path/to>/slapd.d
> chown user.group <path/to>/slapd.d
> chmod ? <path/to>/slapd.d
> # and assuming you want to bootstrap using a slapd.conf:
> slaptest -f <path/to>slapd.conf -F <path/to>/slapd.d
>
> Create an init script that starts slapd with appropriate options, e.g.:
>
> /usr/sbin/slapd -h "ldap:/// ldapi:///" -g openldap -u openldap -F /etc/ldap/slapd.d
>
> It is not recommended to modify files underneath <path/to>/slapd.conf with
> a text editor, which you may be tempted to do. Use ldapadd/ldapmodify to
> make modifications, or use slapcat -n0 to create a portable representation
> of your config.
>
> Search for documentation or discussion of SASL EXTERNAL authentication over
> ldapi:/// (using olcAuthzRegexp), to perform administrator (rootDN)
> changes.
>
> --
> Dan White
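Added example, not code from this thread or from the OpenLDAP project: a small Python pre-flight checker for a cn=config LDIF, covering the pitfalls the mail above ran into before slapadd would accept the file (records must be separated by blank lines, the include: line must be its own record after the schema entry) plus one security check the posted config would trip: olcRootPW stored in cleartext ("secret") rather than as a {SSHA} hash from slappasswd. The LDIF at the bottom is constructed, modelled on the posted config; the checker uses only the standard library and reads nothing from disk.

```python
"""Pre-flight checks for an OpenLDAP cn=config LDIF before `slapadd -n 0 -l`.

Added example, not part of the mail thread. Uses only the Python standard
library; SAMPLE below is a constructed LDIF modelled on the config posted
in the thread.
"""
import base64


def logical_lines(text):
    """Yield LDIF logical lines. A physical line starting with a space
    continues the previous one (RFC 2849). Blank lines are yielded as ''
    so the caller can use them as record separators."""
    buf = None
    for raw in text.splitlines():
        if raw.startswith(" ") and buf is not None:
            buf += raw[1:]
            continue
        if buf is not None:
            yield buf
        buf = raw
    if buf is not None:
        yield buf


def parse_ldif(text):
    """Split LDIF text into records, each a list of (attribute, value) pairs.

    '#' comment lines are dropped, 'attr:: b64' values are decoded and
    'attr:< url' values keep the URL. A record ends at a blank line, which
    is what slapadd expects: a missing blank line silently merges two
    entries into one record."""
    records, record = [], []
    for line in logical_lines(text):
        if not line.strip():
            if record:
                records.append(record)
                record = []
            continue
        if line.startswith("#"):
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):            # base64-encoded value
            value = base64.b64decode(rest[1:].strip()).decode()
        elif rest.startswith("<"):          # URL value, e.g. file:///...
            value = rest[1:].strip()
        else:
            value = rest.strip()
        record.append((attr.strip(), value))
    if record:
        records.append(record)
    return records


def check_config(text):
    """Return (dn, problem) findings for mistakes that bite when
    bootstrapping cn=config from LDIF."""
    findings = []
    for record in parse_ldif(text):
        attrs = [a for a, _ in record]
        dns = [v for a, v in record if a == "dn"]
        dn = dns[0] if dns else "(no dn)"
        if len(dns) > 1:
            findings.append((dn, "two dn: lines in one record: blank line missing between entries"))
        if not dns and "include" not in attrs:
            findings.append((dn, "record has no dn: line"))
        if dns and "include" in attrs:
            findings.append((dn, "include: must be its own record, separated by a blank line"))
        for a, v in record:
            # olcRootPW should be a hashed value such as {SSHA}..., never cleartext
            if a == "olcRootPW" and not v.startswith("{"):
                findings.append((dn, "olcRootPW stored in cleartext: use the {SSHA} hash from slappasswd"))
    return findings


# Constructed sample: schema record still contains the include: line, the
# config database has a cleartext root password, the hdb database is fine.
SAMPLE = """\
# constructed sample, modelled on the config in the mail above
dn: cn=config
objectClass: olcGlobal
cn: config
olcPidFile: /run/slapd.pid
olcArgsFile: /run/slapd.args

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
include: file:///etc/openldap/schema/core.ldif

dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
olcRootPW: secret
olcAccess: to * by * none

dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: hdb
olcSuffix: dc=example,dc=intra
olcRootPW:: e1NTSEF9ZXhhbXBsZQ==
olcDbDirectory: /srv/ldap/openldap-data
"""

if __name__ == "__main__":
    for dn, problem in check_config(SAMPLE):
        print(f"{dn}: {problem}")
```

Run it against your own file with `check_config(open("/etc/openldap/config.ldif").read())`; an empty list means the structural checks pass and the root password is hashed, after which `slapadd -n 0 -l` is the real test.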