On 26/07/2010 13:10, Zhang Weiwu wrote:
With Ubuntu 10.04, slapd is shipped by default using slapd.d configuration instead of slapd.conf. Referring to the document [1] I believe adding a new database should be as simple as adding a new file in slapd.d/cn=config/
One would usually add the new configuration object via LDAP, rather than by modifying the database files. This is the point of cn=config. However, adding files may work also...
But it doesn't work for me. Behavior explained below:
I created this new database definition by copying example [2]:
# cat "/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb"
# BDB definition for example.com
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: "dc=test,dc=com"
olcDbDirectory: /var/lib/ldap
olcRootDN: "cn=Manager,dc=test,dc=com"
olcRootPW: secret
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,uid pres,eq,approx,sub
olcDbIndex: objectClass eq
olcAccess: to attrs=userPassword
  by self write
  by anonymous auth
  by dn.base="cn=Admin,dc=test,dc=com" write
  by * none
olcAccess: to *
  by self write
  by dn.base="cn=Admin,dc=test,dc=com" write
  by * read
According to my experience of using slapd.conf in the last five years, if I restart slapd, I should see DB_CONFIG and a few other files created in DB directory. But this is not happening this time.
The DB_CONFIG file will only be created if you have used the parameter olcDbConfig (dbconfig in slapd.conf).
The file should be named /etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif.
root@orphalese:~# ls -dlh /var/lib/ldap
drwxr-x--- 2 openldap openldap 4.0K Jun 12 10:36 /var/lib/ldap
root@orphalese:~# ls -lh /var/lib/ldap
total 0
Question: 1) Did I do anything wrong? 2) What would you further suggest me to check?
List of what I have checked:
Adding entry to the newly created database also doesn't work:
# slapadd -b dc=test,dc=com < /tmp/first.ldif
slapadd: slap_init no backend for "dc=test,dc=com"
I checked syslog with LogLevel set to 255, and ended up with a lot of details in syslog but none mentioning the keyword 'hdb'.
I recommend using loglevel config to see debugging information related to configuration issues. If your file is not read, the hdb database won't appear in the output...
The above experiment was re-done with hdb replaced with bdb, without luck either.
Authentication also fails:
$ ldapsearch -x -D cn=Manager,dc=test,dc=com -w secret
ldap_bind: Invalid credentials (49)
I also checked to make sure slapd.conf doesn't exist.
I also checked there is only one slapd.d directory and slapd is using the same slapd.d that I am editing, by the fact I changed LogLevel in cn=config.ldif and it has vivid effect on syslog.
[1] http://www.openldap.org/doc/admin24/slapdconf2.html
[2] The 'example' is "/etc/ldap/slapd.d/cn=config/olcDatabase=bdb" shipped with Ubuntu:
# cat "/etc/ldap/slapd.d/cn=config/olcDatabase=bdb"
# BDB definition for example.com
dn: olcDatabase=bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: bdb
olcSuffix: "dc=example,dc=com"
olcDbDirectory: /usr/local/var/openldap-data
olcRootDN: "cn=Manager,dc=example,dc=com"
olcRootPW: secret
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,uid pres,eq,approx,sub
olcDbIndex: objectClass eq
olcAccess: to attrs=userPassword
  by self write
  by anonymous auth
  by dn.base="cn=Admin,dc=example,dc=com" write
  by * none
olcAccess: to *
  by self write
  by dn.base="cn=Admin,dc=example,dc=com" write
  by * read
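
Added example, not part of the original thread and not OpenLDAP code: a shell check that reports which olcSuffix values in a slapd.d tree come from files slapd will load, and which are defined only in files it skips, the case the reply points to for the "no backend" error. It assumes, as the reply states, that an entry is read only from a file whose name ends in .ldif; the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example: which suffixes will a slapd.d tree actually serve?
# Assumption (from the reply above): slapd reads an entry only from a file
# whose name ends in ".ldif". Function names are hypothetical.

# suffix_lines DIR [find predicate...]
# Print "<suffix><TAB><file>" for each plain-text olcSuffix line in the
# files under DIR selected by the predicate (base64 "olcSuffix::" values
# are not decoded).
suffix_lines() {
    dir=$1; shift
    find "$dir" -type f "$@" | sort | while IFS= read -r f; do
        # Strip the attribute name and optional surrounding double quotes.
        sed -n 's/^olcSuffix: *"\{0,1\}\([^"]*\)"\{0,1\} *$/\1/p' "$f" |
        while IFS= read -r s; do printf '%s\t%s\n' "$s" "$f"; done
    done
}

# Suffixes defined in files slapd loads.
loaded_suffixes()  { suffix_lines "$1" -name '*.ldif'; }
# Suffixes defined in files slapd skips (no .ldif extension).
ignored_suffixes() { suffix_lines "$1" ! -name '*.ldif'; }

# has_backend DIR SUFFIX
# Succeed only if a loaded file defines exactly SUFFIX. On failure, name any
# skipped file that defines it, so the missing extension is visible.
has_backend() {
    if loaded_suffixes "$1" |
       SFX=$2 awk -F '\t' '$1 == ENVIRON["SFX"] { ok = 1 } END { exit !ok }'
    then
        return 0
    fi
    ignored_suffixes "$1" | SFX=$2 awk -F '\t' '$1 == ENVIRON["SFX"] {
        print "defined only in " $2 " (skipped: name lacks .ldif)" }' >&2
    return 1
}

# Stand-alone use: sh script.sh /etc/ldap/slapd.d dc=test,dc=com
if [ "$#" -eq 2 ]; then
    has_backend "$1" "$2"
fi
```
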