The error message indicates that the back_hdb module is already included in the configuration. You can verify this with the command
cat /etc/ldap/slapd.d/cn\=config/cn\=module\{0\}.ldif
If this includes lines similar to the following, it's already included:
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb
If this is the case, just remove the first six lines from your backend.ldif and try again.
If you want to start from scratch, you can use the command
apt-get purge slapd ldap-utils
to get rid of the complete ldap installation including all data files.
After that, you will need to reinstall OpenLDAP with the corresponding command
apt-get install slapd ldap-utils
BTW, I just followed this tutorial (while using all default values from their script) and this worked fine on a freshly created Lucid VM.
Edit
OK, in your other post you talked about 10.04. In fact, the auto configuration in 11.04 for slapd is much better when compared to 10.04. What it does for you is everything in the tutorial concerning the schema files and the backend.ldif and even a part from the frontend: You can remove the following lines from the frontend.ldif and try to continue from there:
# Create top-level object in domain
dn: dc=tuxnetworks,dc=com
objectClass: top
objectClass: dcObject
objectclass: organization
o: Tuxnetworks
dc: Tuxnetworks
description: LDAP Server
# Admin user.
dn: cn=admin,dc=tuxnetworks,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: mypassword
Some further hint: The backend configuration of OpenLDAP (cn=config) is nothing more than a collection of LDIF files in a filesystem structure equivalent to the LDAP structure. You can browse it yourself in /etc/ldap/slapd.d. 10.04 had the bare minimum there to get slapd working, while 11.04 prepared everything so that you can start right off.
Best Answer
There are two ways to edit the cn=config data: directly and indirectly. Indirect uses normal ldap tools, such as ldapmodify and ldapsearch, which provides the simplest and most logical approach. HOWEVER, many distros use SASL to restrict access to just the root user on the local box. Assuming you have a preconfigured instance, you can easily change this:

Enabling external access to cn=config

sudo -i / su -
Create a new password:
Prepare auth.ldif. Replace olcRootPW with your password hash from last command
Import LDIF:
You may now connect externally (assuming you have network access), using any LDAP client. E.g.
Direct Mode
In direct mode, you can edit the cn=config database (and any other database), even if slapd is down. This is through the use of slapadd and slapcat tools. You must pass the database suffix. For example:

IMHO, direct mode is best used when you know the exact LDIF you need to apply. I rarely do, so I tend to use normal LDAP tools to add, replace, and delete configuration on the fly.