Friday, 22 March 2013

Switching OpenLDAP from cn=config to slapd.conf

For a project with a client I needed to set up an OpenLDAP server configured via a traditional slapd.conf. Nowadays most Linux distros ship their OpenLDAP servers preconfigured with a cn=config style configuration, that is, the server config itself is stored in a separate branch of the directory. This makes things like replication much easier, but it puts a burden on the admin, who needs to learn the new way of configuring OpenLDAP. So, in order to make my client happy, I switched the config style. It took me a little while to figure it out, so here I repost my solution:

```sh
service slapd stop                                  # stop the service
mv /etc/ldap/slapd.d /root                          # move the cn=config configuration aside
cp /usr/share/slapd/slapd.conf /etc/ldap/           # get the new sample config

# make changes to the sample config so that it can work
sed -i "s/@BACKEND@/hdb/" /etc/ldap/slapd.conf
sed -i "s/@SUFFIX@/dc=acme,dc=org/" /etc/ldap/slapd.conf
sed -i "s/# rootdn/rootdn/" /etc/ldap/slapd.conf
# the pattern above matches every line starting with "# rootdn"; verify that
# only the directive itself was uncommented:
#   grep -n '^rootdn' /etc/ldap/slapd.conf

# manually execute "slappasswd" on the command line to generate a root pw,
# then add the following line (without "#") after rootdn:
# rootpw <crypted password>
sed -i "s/@ADMIN@/cn=admin,dc=acme,dc=org/" /etc/ldap/slapd.conf

# slapd.conf now holds the rootpw hash, so keep it readable only by root and
# the slapd service user (openldap on Debian), e.g.
#   chown root:openldap /etc/ldap/slapd.conf && chmod 640 /etc/ldap/slapd.conf

mv /var/lib/ldap/* /root                            # move the old database files aside
# hdb expects a DB_CONFIG file in the directory; check that one is still present
service slapd start                                 # start the service again
```

Further configuration will be necessary, e.g. TLS configuration and server tuning (make sure to define index directives for the attributes you search on). Also, I need to remember to use FQDNs in the client requests, as I learned from this post.
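The procedure above leaves you with a hand-edited slapd.conf that now carries the rootpw hash, and the sed patterns can silently misfire (a leftover @TOKEN@, or a comment line turned into a second rootdn directive). The following script is an added example, not code from the original post: a small set of static checks to run on the result before starting slapd. The two sample configs it writes are constructed for the demo; the hash, certificate paths and suffix in them are placeholders. It assumes POSIX sh plus grep, sed and find; slaptest is only used if installed.

```sh
#!/bin/sh
# Added example, not from the original post: static sanity checks for the
# slapd.conf produced by the procedure above. The two sample configs written
# by write_sample_configs are constructed for this demo; the hash and paths
# in them are placeholders, not real values.

# check_slapd_conf FILE
# Prints one line per finding; returns the number of findings (0 = clean).
check_slapd_conf() {
    f=$1
    n=0

    # 1. No Debian template tokens (@BACKEND@, @SUFFIX@, @ADMIN@) left behind.
    if grep -q '@[A-Z]*@' "$f"; then
        echo "FAIL: unreplaced @TOKEN@ in $f"; n=$((n+1))
    fi

    # 2. Exactly one rootdn directive. The un-commenting sed in the post
    #    matches any line beginning "# rootdn", so a comment that happens to
    #    start that way would turn into a bogus second directive.
    c=$(grep -c '^rootdn[[:space:]]' "$f" || true)
    if [ "$c" -ne 1 ]; then
        echo "FAIL: expected 1 rootdn directive, found $c"; n=$((n+1))
    fi

    # 3. rootpw present and hashed ({SSHA}, {CRYPT}, ...), never clear text.
    pw=$(sed -n 's/^rootpw[[:space:]]*//p' "$f" | tr -d '"')
    case "$pw" in
        "")    echo "FAIL: no rootpw directive"; n=$((n+1)) ;;
        "{"*)  ;;
        *)     echo "FAIL: rootpw is stored in clear text"; n=$((n+1)) ;;
    esac

    # 4. TLS configured (the post lists this as remaining work).
    grep -q '^TLSCertificateFile' "$f" || { echo "WARN: no TLSCertificateFile"; n=$((n+1)); }

    # 5. At least one index directive (the post's "define your index attributes").
    grep -q '^index[[:space:]]' "$f" || { echo "WARN: no index directives"; n=$((n+1)); }

    # 6. The file now carries the rootpw hash, so it must not be world-readable.
    if [ -n "$(find "$f" -perm -004)" ]; then
        echo "FAIL: $f is world-readable"; n=$((n+1))
    fi

    # 7. If slaptest is installed, also run the real parser in dry-run mode
    #    (advisory only; the sample configs reference files that do not exist).
    if command -v slaptest >/dev/null 2>&1; then
        if slaptest -f "$f" -u >/dev/null 2>&1; then
            echo "INFO: slaptest accepts $f"
        else
            echo "INFO: slaptest reports errors for $f"
        fi
    fi
    return $n
}

# write_sample_configs: creates a clean and a defective slapd.conf in a temp
# directory (constructed data) and sets GOOD_CONF / BAD_CONF.
write_sample_configs() {
    d=$(mktemp -d)
    GOOD_CONF=$d/good.conf
    BAD_CONF=$d/bad.conf
    cat >"$GOOD_CONF" <<'EOF'
include         /etc/ldap/schema/core.schema
backend         hdb
database        hdb
suffix          "dc=acme,dc=org"
rootdn          "cn=admin,dc=acme,dc=org"
rootpw          {SSHA}PLACEHOLDER-hash-from-slappasswd
directory       "/var/lib/ldap"
index           objectClass eq
index           uid,cn eq,sub
TLSCertificateFile      /etc/ssl/certs/ldap.pem
TLSCertificateKeyFile   /etc/ssl/private/ldap.key
access to * by dn="cn=admin,dc=acme,dc=org" write by * read
EOF
    chmod 640 "$GOOD_CONF"
    # Defective variant: template tokens left in, a prose comment un-commented
    # into a second rootdn line, clear-text rootpw, no index, no TLS.
    cat >"$BAD_CONF" <<'EOF'
backend         @BACKEND@
database        hdb
suffix          "dc=acme,dc=org"
rootdn directive for specifying a superuser on the database.
rootdn          "cn=admin,dc=acme,dc=org"
rootpw          secret
directory       "/var/lib/ldap"
access to * by dn="@ADMIN@" write by * read
EOF
    chmod 644 "$BAD_CONF"
}

# Demo run on the constructed samples.
write_sample_configs
echo "== $GOOD_CONF"; check_slapd_conf "$GOOD_CONF" && echo "clean"
echo "== $BAD_CONF";  check_slapd_conf "$BAD_CONF"  || echo "findings: $?"
```

To use it on a real server, call `check_slapd_conf /etc/ldap/slapd.conf` after the sed edits and before `service slapd start`; a non-zero return means at least one finding was printed. The rootdn count check is the one that matters most for the sed-based recipe, since a stray directive would stop slapd from starting.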