The error message indicates that the back_hdb module is already included in the configuration. You can verify this with the command
cat /etc/ldap/slapd.d/cn\=config/cn\=module\{0\}.ldif
If this includes lines similar to the following, it's already included:
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb
If this is the case, just remove the first six lines from your backend.ldif and try again.
If you want to start from scratch, you can use the command
apt-get purge slapd ldap-utils
to get rid of the complete ldap installation including all data files.
After that, you will need to reinstall OpenLDAP with the corresponding command
apt-get install slapd ldap-utils
BTW, I just followed this tutorial (while using all default values from their script) and this worked fine on a freshly created Lucid VM.
Edit
OK, in your other post you talked about 10.04. In fact, the auto configuration in 11.04 for slapd is much better when compared to 10.04. What it does for you is everything in the tutorial concerning the schema files and the backend.ldif, and even a part of the frontend: you can remove the following lines from the frontend.ldif and try to continue from there:
# Create top-level object in domain
dn: dc=tuxnetworks,dc=com
objectClass: top
objectClass: dcObject
objectclass: organization
o: Tuxnetworks
dc: Tuxnetworks
description: LDAP Server
# Admin user.
dn: cn=admin,dc=tuxnetworks,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: mypassword
A further hint: the backend configuration of OpenLDAP (cn=config) is nothing more than a collection of LDIF files in a filesystem structure equivalent to the LDAP structure. You can browse it yourself in /etc/ldap/slapd.d. 10.04 had the bare minimum there to get slapd working, while 11.04 prepared everything so that you can start right off.
Figured out that it's probably better to just do it the bdb.ldif way. What I did was like the above, but I made a few changes.
olcAccess: {0}to attrs=userPassword,shadowLastChange,loginShell by dn="cn=manager,dc=bromosapien,dc=net" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=manager,dc=bromosapien,dc=net" write by group.exact="cn=LDAPADMIN,ou=Group,dc=bromosapien,dc=net" write by * read
What I did instead was, I labeled each line with braces and a number. I also added the ability for a user to change their login shell (because I allow Bash, ksh, and zsh, we default to bash). I then created a groupOfNames container inside of the Group OU. Like this.
dn: cn=LDAPADMIN,ou=Group,dc=bromosapien,dc=net
objectClass: groupOfNames
objectClass: top
cn: LDAPADMIN
member: uid=zera,ou=People,dc=angelsofclockwork,dc=net
member: uid=sithlord,ou=People,dc=angelsofclockwork,dc=net
Of course, this requires the memberOf overlay.
The memberOf overlay I used is below:
% vi modules.ldif
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib64/openldap
olcModuleLoad: memberof
% vi memberof.ldif
dn: olcOverlay=memberof,olcDatabase={2}bdb,cn=config
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
olcOverlay: memberof
olcMemberOfDangling: ignore
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf
Best Answer
This is because the line continuation in the ldif file removes the first space and the attribute is considered to be:
{0}to *by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" writeby * none
(which is invalid). So, put an extra space in front of the line continuations:
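To make the folding rule concrete, here is a small LDIF unfolder and record parser added for illustration (it is not part of the answer above and not OpenLDAP's own code). It applies the RFC 2849 rule that a physical line starting with exactly one space continues the previous logical line and that single space is dropped. Fed a constructed olcAccess record folded with one leading space, it reproduces the glued "to *by ... writeby" value quoted in the answer; the same record folded with two leading spaces yields the intended ACL. The `find_glued_continuations` lint is a heuristic of my own, not a slapd feature: it flags continuation lines that will be joined to the previous token with no separator, while skipping base64 (`attr::`) values where that joining is intended.

```python
import base64
from typing import Dict, List, Tuple


def unfold_ldif(text: str) -> List[str]:
    """Return the logical lines of an LDIF text.

    RFC 2849 folding: a physical line that begins with exactly one space is
    a continuation of the previous logical line, and only that one leading
    space is discarded when the lines are joined. Nothing is inserted, so
    "to *" followed by " by" becomes "to *by"; a continuation written as
    "  by" (two spaces) keeps one space between the tokens.
    """
    logical: List[str] = []
    in_comment = False
    for raw in text.splitlines():
        if raw.startswith(" "):
            if in_comment or not logical:
                continue                      # a folded comment is still a comment
            logical[-1] += raw[1:]            # strip exactly one space, then glue
        elif raw.startswith("#"):
            in_comment = True                 # comment lines carry no attribute data
        elif raw == "":
            in_comment = False                # blank line: record separator
        else:
            in_comment = False
            logical.append(raw)
    return logical


def parse_record(text: str) -> Dict[str, List[str]]:
    """Parse one LDIF record into attribute -> list of values ("dn" included)."""
    attrs: Dict[str, List[str]] = {}
    for line in unfold_ldif(text):
        name, sep, rest = line.partition(":")
        if not sep:
            raise ValueError(f"not an attrval-spec: {line!r}")
        if rest.startswith(":"):              # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        elif rest.startswith("<"):            # "attr:< file:///..." is not fetched here
            raise ValueError(f"URL-valued attribute not supported: {line!r}")
        else:
            value = rest.lstrip(" ")          # FILL (spaces after the colon) is dropped
        attrs.setdefault(name, []).append(value)
    return attrs


def find_glued_continuations(text: str) -> List[Tuple[int, str]]:
    """Heuristic lint: (line number, context) for continuation lines that will be
    joined to the previous token with no separator, i.e. the previous physical
    line does not end in a space and the continuation has no second leading
    space. Base64 values and comments are skipped because gluing is intended there.
    """
    hits: List[Tuple[int, str]] = []
    lines = text.splitlines()
    skip = False
    for n, raw in enumerate(lines, start=1):
        if not raw.startswith(" "):
            # New logical line: remember whether its continuations may be glued.
            skip = raw.startswith("#") or raw.partition(":")[2].startswith(":")
            continue
        if n == 1 or skip:
            continue
        prev = lines[n - 2]
        if not prev.endswith(" ") and len(raw) > 1 and raw[1] != " ":
            hits.append((n, prev[-8:] + "|" + raw[1:9]))
    return hits


# Constructed samples for this example; they are not files from the original post.
BROKEN = (
    "dn: olcDatabase={1}hdb,cn=config\n"
    "olcAccess: {0}to *\n"
    ' by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" write\n'
    " by * none\n"
)
FIXED = (
    "dn: olcDatabase={1}hdb,cn=config\n"
    "olcAccess: {0}to *\n"
    '  by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" write\n'
    "  by * none\n"
)

if __name__ == "__main__":
    print("one space :", parse_record(BROKEN)["olcAccess"][0])
    print("two spaces:", parse_record(FIXED)["olcAccess"][0])
    print("glued lines in BROKEN:", find_glued_continuations(BROKEN))
```

Running the lint over a cn=config LDIF before `ldapadd` catches this class of mistake early; the glued value would otherwise be rejected by slapd with a parse error on the olcAccess attribute rather than silently installing a wrong ACL.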