Today I upgraded an OpenLDAP 2.3.x running on an aging custom Linux distro to a brand new Ubuntu 10.04 LTS with OpenLDAP 2.4.x.<\/p>\n
I was surprised by the lack of a `slapd.conf’ config file, which is replaced by a `cn=config’ subdir, with a bunch of .ldif files in it.<\/p>\n
You’ll find the documentation for this new config layout there : http:\/\/www.openldap.org\/doc\/admin24\/slapdconf2.html<\/p>\n
This is in fact a rewrite of the usual`slapd.conf’ directives with a LDIF notation.<\/p>\n
So here is a quick overview to create the first database.<\/p>\n
<\/p>\n
– Load de bdb backend module:<\/p>\n
\r\n# cat <<EOF > \/etc\/ldap\/slapd.d\/cn=config\/cn=module.ldif\r\ndn: cn=module\r\nobjectClass: olcModuleList\r\ncn: module\r\nolcModulepath: \/usr\/lib\/ldap\r\nolcModuleload: back_bdb<\/pre>\n– Declare and prepare your database:<\/p>\n
\r\n# mkdir -p \/var\/lib\/ldap\/dc=example,dc=net\r\n# chown openldap: \/var\/lib\/ldap\/dc=example,dc=net\r\n\r\n# cat <<EOF > \/etc\/ldap\/slapd.d\/cn=config\/olcDatabase={0}bdb.ldif\r\ndn: olcDatabase=bdb\r\nobjectClass: olcDatabaseConfig\r\nobjectClass: olcBdbConfig\r\nolcDatabase: bdb\r\nolcDbDirectory: \/var\/lib\/ldap\/dc=example,dc=net\r\nolcSuffix: dc=example,dc=net\r\nolcRootDN: cn=Manager,dc=example,dc=net\r\nolcRootPW: {SSHA}FoViJYh9j7H4vw9ELVXzhKuXEMJwXOzJ\r\nolcDbIndex: objectClass eq,pres\r\nolcDbIndex: ou,sn,cn,mail,givenName eq,pres,sub\r\nolcAccess: to dn.regex=\"^ou=([^,]*),dc=people,(.*)$\"\r\n by dn.regex=\"uid=$1,dc=users,$2\" read\r\n by group.expand=\"cn=$1,dc=people,$2\" read by * none\r\nolcAccess: to dn.regex=\"^uid.*,ou=([^,]*),dc=people,(.*)$\"\r\n by dn.regex=\"uid=$1,dc=users,$2\" read\r\n by group.expand=\"cn=$1,dc=people,$2\" read\r\n by * none\r\nolcAccess: to attrs=userPassword\r\n by anonymous auth\r\n by self read\r\n by * none\r\nolcAccess: to *\r\n by dn=\"cn=Manager,dc=example,dc=net\" write\r\n by anonymous read\r\n by * read<\/pre>\n– Activate the \u00ab\u00a0cosine\u00a0\u00bb, \u00ab\u00a0nis\u00a0\u00bb and \u00ab\u00a0inetorgperson\u00a0\u00bb schema:<\/p>\n
# ldapadd -Y EXTERNAL -H ldapi:\/\/\/ -f \/etc\/ldap\/schema\/cosine.ldif\r\n# ldapadd -Y EXTERNAL -H ldapi:\/\/\/ -f \/etc\/ldap\/schema\/nis.ldif\r\n# ldapadd -Y EXTERNAL -H ldapi:\/\/\/ -f \/etc\/ldap\/schema\/inetorgperson.ldif<\/pre>\n– Check your configuration by running `slapd’ manually with debug:<\/p>\n
# slapd -d 3 -h 'ldap:\/\/\/ ldapi:\/\/\/' -g openldap -u openldap -F \/etc\/ldap\/slapd.d\/<\/pre>\n– Dump your data on the old server with `slapcat’:<\/p>\n
# slapcat -b dc=example,dc=net -l dump.ldif<\/pre>\n– Load the dumped data on the new server with `slapadd’:<\/p>\n
# slapadd -b dc=example,dc=net -l dump.ldif<\/pre>\n– Restart LDAP on new server:<\/p>\n
# \/etc\/init.d\/slapd start<\/pre>\n– Do a `ldapsearch’ to test that everything is present:<\/p>\n
# ldapsearch -H ldapi:\/\/\/ -b dc=example,dc=net -D cn=Manager,dc=example,dc=net -W -x<\/pre>\n","protected":false},"excerpt":{"rendered":"Today I upgraded an OpenLDAP 2.3.x running on an aging custom Linux distro to a brand new Ubuntu 10.04 LTS with OpenLDAP 2.4.x. I was surprised by the lack of a `slapd.conf’ config file, which is replaced by a `cn=config’ … Continuer la lecture