Hello,
I'm new to using OpenLDAP, and I'm having some trouble finding my way on 2.4 with cn=config. After a lot of trial and error, I finally got the initial ldif files set up to initialize the directory. I'll post the configurations below.
One of the peculiarities of my Fedora system is that it does not read my slapd.conf, which contains the initial admin password (for cn=admin,cn=config). Therefore, I manually launch slapd -f /etc/openldap/slapd.conf... and run my ldifs. That works great, and I set up regular user accounts. So far so good. Now that I'm done with initialization, I want to stop slapd and start it up with my service manager (systemd). I issue a `killall slapd` (no SIGKILL) or ^C if running with "-d 0" to stop the console session. There are no error messages.
Upon restart (either systemd or on the same console), the whole directory is wiped out and reverted back to default. Again, no errors in the system logs, and the only messages are slapd starting and any Apache Directory Studio or ldapsearch queries that I perform.
I have triple-checked all of the file permissions (and SELinux contexts) in /etc/openldap and /var/lib/ldap and cannot find any errors.
Could someone help me figure out why my data is purged on restart?
Here are the ldif files and commands that I run.
Slapd from console:
    slapd -f /etc/openldap/slapd.conf -u ldap -d 0

1) Load the schemas:
    for i in $(ls /etc/openldap/schema/*.ldif); do ldapadd -x -f $i -D "cn=admin,cn=config" -w secret; done

2) Load the "backend" config:
    ldapadd -f /tmp/backend.ldif -D "cn=admin,cn=config" -x -w secret

    # /tmp/backend.ldif
    dn: cn=module,cn=config
    objectClass: olcModuleList
    cn: module
    olcModulepath: /usr/lib/ldap
    olcModuleload: back_hdb

    dn: olcDatabase=hdb,cn=config
    objectClass: olcDatabaseConfig
    objectClass: olcHdbConfig
    olcDatabase: {1}hdb
    olcSuffix: dc=my-application,dc=app
    olcDbDirectory: /var/lib/ldap
    olcRootDN: cn=admin,dc=my-application,dc=app
    olcRootPW: secret
    olcDbConfig: set_cachesize 0 2097152 0
    olcDbConfig: set_lk_max_objects 1500
    olcDbConfig: set_lk_max_locks 1500
    olcDbConfig: set_lk_max_lockers 1500
    olcDbIndex: objectClass eq
    olcLastMod: TRUE
    olcDbCheckpoint: 512 30
    olcAccess: to attrs=userPassword by dn="cn=admin,dc=my-application,dc=app" write by anonymous auth by self write by * none
    olcAccess: to attrs=shadowLastChange by self write by users read
    olcAccess: to dn.base="" by users read
    olcAccess: to * by users write by users read
I know that those olcAccess rules aren't great, and I plan to fix them once I get past this problem.
3) "Frontend" config (the bind DN must be the olcRootDN from backend.ldif, and the dc value must match the entry's RDN):
    ldapadd -f /tmp/frontend.ldif -D "cn=admin,dc=my-application,dc=app" -x -w secret

    # /tmp/frontend.ldif
    dn: dc=my-application,dc=app
    objectClass: top
    objectClass: dcObject
    objectClass: domain
    dc: my-application

    dn: cn=admin,dc=my-application,dc=app
    objectClass: simpleSecurityObject
    objectClass: organizationalRole
    cn: admin
    description: LDAP administrator
    userPassword: secret

    dn: dc=directory,dc=my-application,dc=app
    objectClass: top
    objectClass: domain
    dc: directory
Thanks, Justin
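A check worth running before stopping the console slapd, added here as an example and not part of Justin's post: slapd started without -f or -F (which is how the Fedora systemd unit runs it) reads /etc/openldap/slapd.d when that directory exists, and a database that lives only in a slapd.conf passed with -f, or that was added over LDAP to a server not started with -F, is never written into slapd.d. The script below inspects a slapd.d tree for the hdb suffix from the post; the paths and the sample tree are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post). Verifies that a database suffix
# has been persisted into a cn=config directory (slapd.d) so that a slapd
# started by systemd, which reads slapd.d rather than slapd.conf, will serve
# the same database as the console session did. Paths are assumed.

# check_persisted_db <slapd.d dir> <suffix>: returns 0 if an olcDatabase file
# under <dir>/cn=config carries "olcSuffix: <suffix>", 1 otherwise.
check_persisted_db() {
    dir="$1"; suffix="$2"
    [ -d "$dir/cn=config" ] || return 1
    for f in "$dir"/cn=config/olcDatabase=*.ldif; do
        [ -f "$f" ] || continue      # glob matched nothing
        grep -qi "^olcSuffix: *${suffix}\$" "$f" && return 0
    done
    return 1
}

# One-time conversion of slapd.conf into slapd.d; slaptest with both -f and -F
# reads the file and writes the directory format (assumed ldap:ldap ownership).
convert_conf_to_dir() {
    conf="$1"; dir="$2"
    mkdir -p "$dir" && slaptest -f "$conf" -F "$dir" && chown -R ldap:ldap "$dir"
}

# Constructed sample trees: one holding the hdb database from the post the way
# slapd stores it (one file per database under cn=config), one with no database.
SAMPLE_DIR=$(mktemp -d); EMPTY_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR" "$EMPTY_DIR"' EXIT
mkdir -p "$SAMPLE_DIR/cn=config" "$EMPTY_DIR/cn=config"
cat > "$SAMPLE_DIR/cn=config/olcDatabase={1}hdb.ldif" <<'EOF'
dn: olcDatabase={1}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=my-application,dc=app
olcDbDirectory: /var/lib/ldap
EOF

for d in "$SAMPLE_DIR" "$EMPTY_DIR"; do
    if check_persisted_db "$d" "dc=my-application,dc=app"; then
        echo "$d: dc=my-application,dc=app is persisted; safe to restart"
    else
        echo "$d: suffix not in slapd.d; a restart will come up with the default config"
    fi
done
```

Run it against /etc/openldap/slapd.d with the real suffix; if it reports the suffix missing, run convert_conf_to_dir once and re-check before handing slapd over to systemd.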