Ldap – Change location where LDAP data is stored

centos7ldapopenldap

I'm running an openLDAP server version 2.4.40 on CentOS 7. LDAP is going to be configured using online conf option (olc). Thanks to this question, I know that slapd's database files are in /var/lib/ldap.

I'm trying to run an openLDAP server on a linux box as read-only OS partition and another partition for persistent data. I will be able to install and configure openLDAP on the OS partition, but will lose access to it after configuring it.

Question: Is it possible to change the location LDAP reads/writes data from /var/lib/ldap to somewhere on the persistent data partition?

Best Answer

I used to move the default database of openldap after each new setup.

The steps I do when I want to move a database :

Stop slapd

sudo service slapd stop

slapcat the content of the cn=config branch in a LDIF file

sudo slapcat -b cn=config > /tmp/config.ldif

Copy the /var/lib/ldap directory wherever you want it
Make sure the user openldap owns the new directory and all the files inside
Edit the previously exported LDIF to modify the olcDbDirectory to the new location
Import the LDIF (Make sure the /etc/ldap/slapd.d is empty before doing this)

sudo rm -r /etc/ldap/slapd.d/*
sudo slapadd -F /etc/ldap/slapd.d -b cn=config -l /tmp/config.ldif

Make sure the /etc/ldap/slapd.d and all its content is owned by openldap

sudo chown -R openldap:openldap /etc/ldap/slapd.d/

Edit needed configuration to allow Slapd to use this new database directory

For example, with apparmor, edit the file /etc/apparmor.d/usr.sbin.slapd and add the following lines:

/path/to/new/db/ r,
/path/to/new/db/** rwk,

Restart apparmor and slapd

sudo service apparmor restart
sudo service slapd start

Usually it does the trick. It's also how I backup the configuration of my openldap instances.

Best Answer

Related Solutions

Mysql – How Do I Configure OpenLDAP to use MySQL (Ubuntu 9.04)

OpenLDAP on Ubuntu Dying for Unknown Reasons – Troubleshooting

Related Topic