Basic openldap setup using slapd.d configuration

openldap slapd

I'm trying to set up a test openldap server, having not worked with openldap before. I'm using the standard openldap-servers package on a redhat based machine (using Oracle Linux). I've installed the packages, and started the server.

I now have no idea how to actually get the server to do something useful; I can't browse to it using luma ('No such object' when trying to access the top-level entry), the openldap docs are obtuse as to how you actually get a server to a basic working configuration, and all the information online is for the old slapd.conf file rather than the new slapd.d and cn=config.

How do I get a vanilla packaged openldap install working where I can browse to the root dn in luma?

Best Answer

I feel your pain.

Try this (it's tested on Scientific Linux 6.5, so it should work on OL as well):

  • Install OpenLDAP servers: yum install openldap-servers openldap-clients
  • Start slapd: service slapd start (and maybe chkconfig slapd on)
  • Create passwords for cn=config and your normal LDAP admin user with slappasswd. Note the output of this.
  • Create an LDIF file with the following content:

    dn: olcDatabase={0}config,cn=config
    changetype: modify
    add: olcRootPW
    olcRootPW: {SSHA}TXcmvaldskl312012cKsPK1cY2321+aj

    dn: olcDatabase={2}bdb,cn=config
    changetype: modify
    add: olcRootPW
    olcRootPW: {SSHA}TXcmvaldskl312012cKsPK1cY2321+aj
    -
    replace: olcRootDN
    olcRootDN: cn=admin,dc=your,dc=base,dc=com
    -
    replace: olcSuffix
    olcSuffix: dc=your,dc=base,dc=com

  • The values for olcRootPW should be replaced with the output of slappasswd you noted earlier.
  • Naturally, olcSuffix and olcRootDN should be adapted to your new base DN.
  • Feed all this to the LDAP server with the following command:

    ldapmodify -a -Q -Y EXTERNAL -H ldapi:/// -f yourfile.ldif

After that, you should be able to connect to both cn=config and dc=your,dc=base,dc=com via LDAP.
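
The steps in the answer above, as an added example that is not part of the original answer: a shell function that renders the same LDIF for a given base DN and refuses any olcRootPW value that is not a slappasswd-style hash, since that attribute also accepts cleartext. The function names, the sample base DN and the sample hashes are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: render the LDIF from the answer for a chosen base DN.
# Function and variable names are assumptions made for this example.

# Succeed only if $1 looks like slappasswd output ({SCHEME}data), so a
# cleartext password is never written into olcRootPW by mistake.
is_hashed() {
    case "$1" in
        '{CLEARTEXT}'*|'{cleartext}'*) return 1 ;;
        '{'?*'}'?*) return 0 ;;
        *) return 1 ;;
    esac
}

# render_ldif BASE_DN CONFIG_HASH DB_HASH [DB_DN]
# DB_DN defaults to the database entry named in the answer.
render_ldif() {
    base=$1 cfg_hash=$2 db_hash=$3
    db_dn=${4:-'olcDatabase={2}bdb,cn=config'}
    case "$base" in
        *=*) ;;
        *) echo "base DN must look like dc=example,dc=com" >&2; return 2 ;;
    esac
    for h in "$cfg_hash" "$db_hash"; do
        is_hashed "$h" || { echo "olcRootPW value is not a hash" >&2; return 3; }
    done
    cat <<EOF
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: $cfg_hash

dn: $db_dn
changetype: modify
add: olcRootPW
olcRootPW: $db_hash
-
replace: olcRootDN
olcRootDN: cn=admin,$base
-
replace: olcSuffix
olcSuffix: $base
EOF
}

# Constructed sample hashes; real ones come from two separate slappasswd runs.
render_ldif 'dc=example,dc=com' '{SSHA}CONSTRUCTED-config-hash' '{SSHA}CONSTRUCTED-admin-hash'
```

Redirect the output to a file created under `umask 077` and apply it with the ldapmodify command from the answer; the optional fourth argument is for installs whose database entry is not named `olcDatabase={2}bdb,cn=config`.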
