
Re: OpenLDAP installation. Am I missing something?



Hello Sherman,

On Fri, Nov 13, 2015 at 02:29:05PM +0000, Sherman Lilly wrote:
I may have this totally wrong, but why is there no installation documentation that tells somebody how to set up OpenLDAP the right way?

http://www.openldap.org/doc/admin24/

http://www.openldap.org/doc/admin24/slapdconf2.html

If you deployed OpenLDAP from a distribution package, you could also check whether your distribution provides documentation about their specific setup, which may have some additional or differing best practices compared to the above. For example, Ubuntu:

https://help.ubuntu.com/lts/serverguide/openldap-server.html

file:///usr/share/doc/slapd/README.Debian.gz
(online: http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/wily/openldap/wily/view/head:/debian/slapd.README.Debian)

or Red Hat:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/ch-Directory_Servers.html

After installing OpenLDAP you have no slapd.conf file so that direction is not happening. If you modify any file in the slapd.d directory, startup will complain about bad checksum.

Well, yes. As the files themselves say: "DO NOT EDIT!! Use ldapmodify." We can't really help if you decide to ignore that recommendation.

I can't find anywhere that tells you how to modify the base dn, rootdn, and root password without editing the files in the slapd.d manually.

Those parameters are touched on briefly in the admin guide, above. Look for olcRootDN, olcRootPW, and olcSuffix. The slapd-config(5) man page is a more comprehensive reference for configuration directives.

Am I missing something? I have checked Google, YouTube, and other places and they all say manually edit files in slapd.d. That can't be the right way if openldap server is complaining about doing it.

Any site that says to edit files under slapd.d by hand is wrong and should be ignored. The man pages and admin guide are included *with the software itself*, in the tarball: why would you not start with those?

hope that helps,
Ryan
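
Added example, not part of the message above and not taken from the OpenLDAP documentation: a shell helper that builds the ldapmodify change record for olcSuffix, olcRootDN and olcRootPW, so nothing under slapd.d is edited by hand. The function name config_ldif, the database DN olcDatabase={1}mdb,cn=config, the example.com names and the placeholder hash are assumptions; look up the real database DN on your server first.

```shell
#!/bin/sh
# Find the database entry first (assumes the packaged ACL lets local root
# manage cn=config over ldapi:/// with SASL EXTERNAL):
#   ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config \
#       '(olcSuffix=*)' dn olcSuffix olcRootDN
# Hash the new password with slappasswd (it prompts and prints {SSHA}...).

# config_ldif DB_DN SUFFIX ROOTDN HASHED_PW   (hypothetical helper)
# Prints one LDIF modify record. Refuses a cleartext password and a rootdn
# outside the suffix: slapd only honours olcRootPW when the rootdn lies
# within the database's suffix. The suffix check is a literal string match.
config_ldif() {
    db_dn=$1 suffix=$2 rootdn=$3 hash=$4
    case $hash in
        "{CLEARTEXT}"*) echo "olcRootPW must be hashed" >&2; return 1 ;;
        "{"*"}"?*) ;;                      # {SCHEME}value, e.g. {SSHA}...
        *) echo "olcRootPW must be a slappasswd hash" >&2; return 1 ;;
    esac
    case $rootdn in
        *",$suffix") ;;
        *) echo "rootdn must be inside the suffix" >&2; return 1 ;;
    esac
    cat <<EOF
dn: $db_dn
changetype: modify
replace: olcSuffix
olcSuffix: $suffix
-
replace: olcRootDN
olcRootDN: $rootdn
-
replace: olcRootPW
olcRootPW: $hash
EOF
}

# Constructed sample values; the hash is a placeholder, not slappasswd output.
config_ldif 'olcDatabase={1}mdb,cn=config' 'dc=example,dc=com' \
    'cn=admin,dc=example,dc=com' '{SSHA}PLACEHOLDER_NOT_A_REAL_HASH'

# To apply on a real server, pipe the record into ldapmodify as root:
#   config_ldif ... | ldapmodify -Q -Y EXTERNAL -H ldapi:///
```

Because the three replacements travel in one modify operation, slapd applies all of them or none, and it rewrites the slapd.d files itself, so the checksum complaint never arises.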