Hello,
I'm new to using OpenLDAP, and I'm having some trouble finding my way
on 2.4 with cn=config. After a lot of trial and error, I finally got
the initial ldif files set up to initialize the directory. I'll post
the configurations below.
One of the peculiarities of my Fedora system is that it does not read
my slapd.conf, which contains the initial admin password (for
cn=admin,cn=config). Therefore, I manually launch slapd -f
/etc/openldap/slapd.conf... and run my ldifs. That works great, and I
set up regular user accounts. So far so good. Now that I'm done with
initialization, I want to stop slapd and start it up with my service
manager (systemd). I issue a `killall slapd` (no SIGKILL) or ^C if
running with "-d 0" to stop the console session. There are no error
messages.
Upon restart (either systemd or on the same console), the whole
directory is wiped out and reverted back to default. Again, no errors
in the system logs, and the only messages are slapd starting and any
Apache Directory Studio or ldapsearch queries that I perform.
I have triple-checked all of the file permissions (and SELinux
contexts) in /etc/openldap and /var/lib/ldap and cannot find any
errors.
Could someone help me figure out why my data is purged on restart?
Here are the ldif files and commands that I run.
Slapd from console
slapd -f /etc/openldap/slapd.conf -u ldap -d 0
1) Load the schemas
for i in /etc/openldap/schema/*.ldif; do ldapadd -x -f "$i" -D "cn=admin,cn=config" -w secret; done
2) Load the "backend" config
ldapadd -f /tmp/backend.ldif -D "cn=admin,cn=config" -x -w secret
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: back_hdb
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=my-application,dc=app
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=my-application,dc=app
olcRootPW: secret
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcAccess: to attrs=userPassword by dn="cn=admin,dc=my-application,dc=app" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by users read
olcAccess: to dn.base="" by users read
olcAccess: to * by users write by users read
I know that those olcAccess rules aren't great, and I plan to fix them
once I get past this problem.
3) "Frontend" Config
ldapadd -f /tmp/frontend.ldif -D "cn=admin,dc=my-application,dc=app" -x -w secret
dn: dc=my-application,dc=app
objectClass: top
objectClass: dcObject
objectClass: domain
dc: my-application
dn: cn=admin,dc=my-application,dc=app
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: secret
dn: dc=directory,dc=my-application,dc=app
objectClass: top
objectClass: domain
dc: directory
Thanks,
Justin
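An added example (not from Justin's mail and not OpenLDAP's own code) covering the two weak spots a reviewer would flag in the posted LDIF before loading it: olcRootPW and the admin entry's userPassword are stored as the cleartext value "secret", and the catch-all "to * by users write by users read" lets any bound user modify every entry in the tree. The script hashes the password values into the RFC 2307 {SSHA} form that slappasswd -h {SSHA} emits, and swaps the catch-all ACL for a tighter one. The replacement ACL (admin and self write, authenticated users read, anonymous nothing) and the sample LDIF are constructed here for the example and are assumptions, not part of the original configuration.

```python
"""Hash cleartext passwords and tighten the catch-all ACL in a cn=config LDIF.

Added example, not from the original mail or from OpenLDAP.  SAMPLE_LDIF and
SAFER_ACL are constructed for illustration.
"""
import base64
import hashlib
import hmac
import os

CLEARTEXT_ATTRS = ("olcRootPW", "userPassword")
PERMISSIVE_ACL = "to * by users write by users read"
# Assumed replacement: only the rootdn and the entry's own subject may write,
# authenticated users may read, anonymous binds get nothing.
SAFER_ACL = ('to * by dn="cn=admin,dc=my-application,dc=app" write '
             "by self write by users read by * none")

# Constructed sample: the relevant entries from backend.ldif and frontend.ldif,
# with one value folded across lines the way LDIF allows (leading space).
SAMPLE_LDIF = """\
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=my-application,dc=app
olcRootDN: cn=admin,dc=my-application,dc=app
olcRootPW: secret
olcAccess: to attrs=userPassword by
  dn="cn=admin,dc=my-application,dc=app" write by anonymous auth
  by self write by * none
olcAccess: to * by users write by users read

dn: cn=admin,dc=my-application,dc=app
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: secret
"""


def ssha_hash(password, salt=None):
    """Return a {SSHA} value in the format slappasswd -h {SSHA} produces:
    base64(SHA1(password || salt) || salt), with a random 4-byte salt."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """Check a candidate password against a stored {SSHA} value."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]          # SHA-1 digests are 20 bytes
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def unfold(ldif):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for line in ldif.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    return lines


def attribute_value(line):
    """Split 'attr: value' or 'attr:: base64' into (attr, decoded value).
    Returns (None, None) for dn, blank and comment lines."""
    attr, sep, rest = line.partition(":")
    if not sep or attr == "dn" or line.startswith("#"):
        return None, None
    if rest.startswith(":"):                   # '::' marks a base64-encoded value
        return attr, base64.b64decode(rest[1:].strip()).decode("utf-8")
    return attr, rest.strip()


def cleartext_passwords(ldif):
    """List (attr, value) pairs that would be stored without a {scheme} prefix."""
    found = []
    for line in unfold(ldif):
        attr, value = attribute_value(line)
        if attr in CLEARTEXT_ATTRS and not value.startswith("{"):
            found.append((attr, value))
    return found


def harden_ldif(ldif):
    """Return the LDIF with cleartext password attributes hashed and the
    permissive ACL replaced; every other line is passed through unchanged."""
    out = []
    for line in unfold(ldif):
        attr, value = attribute_value(line)
        if attr in CLEARTEXT_ATTRS and not value.startswith("{"):
            out.append(f"{attr}: {ssha_hash(value)}")
        elif attr == "olcAccess" and value == PERMISSIVE_ACL:
            out.append(f"olcAccess: {SAFER_ACL}")
        else:
            out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(harden_ldif(SAMPLE_LDIF))
```

Feed backend.ldif and frontend.ldif through harden_ldif before the ldapadd steps above, and keep the cleartext only in whatever you pass to -w; slapd accepts the {SSHA} value in both olcRootPW and userPassword. Run cleartext_passwords on the output as a check that nothing unhashed slipped through (it will also catch a base64-encoded "userPassword::" line that merely hides the cleartext).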