Hello all,
this is probably a really stupid question... But I cannot figure out how to start a freshly built slapd using only slapd-config configuration. I built and installed slapd 2.4.35:
./configure --prefix=$HOME/server/openldap --enable-modules --enable-overlays=mod --with-tls=openssl
make depend
make
make test
make install
After that I find a slapd.conf and slapd.ldif in $HOME/server/openldap/etc/openldap. As I understood from the administrator's guide the slapd.conf approach is deprecated and should not be used. So I renamed the slapd.conf to slapd.conf.ignore so it is not picked up by default as I think it would be. But
sudo $HOME/server/openldap/libexec/slapd -s any -F $HOME/server/openldap/etc/openldap/
logs
ldif_read_file: no entry file "/home/dpr/server/openldap/etc/openldap//cn=config.ldif"
and slapd is stopped immediately
sudo $HOME/server/openldap/libexec/slapd -s any -F $HOME/server/openldap/etc/openldap/ -f $HOME/server/openldap/etc/openldap/slapd.ldif
yields
/home/dpr/server/openldap/etc/openldap/slapd.ldif: line 5: unknown directive dn: outside backend info and database definitions.
and again the daemon stops. The only way I got the daemon to start is by using the default slapd.conf or with the -f option pointing to a slapd.conf file. Please advise.
Thanks! Ralf
On 2013.08.19 07.35, Steppacher Ralf wrote:
Hello all,
this is probably a really stupid question... But I cannot figure out how to start a freshly built slapd using only slapd-config configuration.
please see section 5 [configuring slapd] of the administrator's guide. also see man 5 slapd-config and man 8 slaptest
-ben
Ben,
I re-read those sections. But they only describe how to convert a pre-existing slapd.conf file. So, to bootstrap slapd I created a minimal slapd.conf with just the config database and a rootdn/pw for it and converted that with slaptest. But I find it a bit awkward that slapd.conf should be mandatory to get started, but at the same time is declared deprecated in chapter 5 of the administrator's guide.
Thanks anyway! Ralf
________________________________________
From: openldap-technical-bounces@OpenLDAP.org [openldap-technical-bounces@OpenLDAP.org] on behalf of btb [btb@bitrate.net]
Sent: Monday, August 19, 2013 13:57
To: openldap-technical@openldap.org
Subject: Re: How to start slapd without slapd.conf?
Steppacher Ralf wrote:
Ben,
I re-read those sections. But they only describe how to convert a pre-existing slapd.conf file. So, to bootstrap slapd I created a minimal slapd.conf with just the config database and a rootdn/pw for it and converted that with slaptest. But I find it a bit awkward that slapd.conf should be mandatory to get started, but at the same time is declared deprecated in chapter 5 of the administrator's guide.
slapd.conf is not mandatory. Only a few lines of LDIF are needed to bootstrap.
This is a minimal slapd.ldif that you can use; it's also provided in the test suite as data/slapd-dynamic.ldif:
####
dn: cn=config
objectClass: olcGlobal
cn: config

dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
olcRootPW: SuperSecret
####
And how to use such a bootstrap LDIF? Starting slapd with -f pointing to the LDIF does not work. That is what I have been looking for and could not find. Another thing I have been wondering about: What is the rootDN if it is not set in a bootstrap LDIF like the one below?
Thanks! Ralf
________________________________________
From: Howard Chu [hyc@symas.com]
Sent: Tuesday, August 20, 2013 13:28
To: Steppacher Ralf; openldap-technical@openldap.org
Subject: Re: How to start slapd without slapd.conf?
--
  -- Howard Chu
  CTO, Symas Corp. http://www.symas.com
  Director, Highland Sun http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP http://www.openldap.org/project/
2013/8/20 Steppacher Ralf ralf.steppacher@derivativepartners.com
And how to use such a bootstrap LDIF? Starting slapd with -f pointing to the LDIF does not work. That is what I have been looking for and could not find. Another thing I have been wondering about: What is the rootDN if it is not set in a bootstrap LDIF like the one below?
Here is a little documentation on how to initialize your cn=config from the LDIF:
http://www.linid.org/projects/linid-om/wiki#Initialize-your-OpenLDAP-server
Clément.
Clément, thanks a bunch! That is what I have been looking for. Answers both of my questions below.
Ralf
________________________________
From: Clément OUDOT [clem.oudot@gmail.com]
Sent: Tuesday, August 20, 2013 14:27
To: Steppacher Ralf
Cc: openldap-technical@openldap.org
Subject: Re: How to start slapd without slapd.conf?
On 2013.08.20 07.59, Steppacher Ralf wrote:
And how to use such a bootstrap LDIF? Starting slapd with -f pointing to the LDIF does not work. That is what I have been looking for and could not find.
read man 5 slapd-config [this is referenced from section 5 of the admin guide]. specifically, see the examples section, wherein slapadd is referenced.
with slapd-config, the slapd configuration is stored in an ldap database. ergo, just as you would use slapadd [and reference a given ldif file] to create any other database for use with openldap, you do the same for the config database.
further, from section 5.4 of the admin guide, "You can then discard the old slapd.conf(5) file. Make sure to launch slapd(8) with the -F option to specify the configuration directory if you are not using the default directory path."
this quite clearly implies that with the new config style, you are to use -F, *not* -f, right? looking at man 8 slapd, -F says "Specifies the slapd configuration directory". obviously an ldif file is not a directory.
Another thing I have been wondering about: What is the rootDN if it is not set in a bootstrap LDIF like the one below?
then there will be no root dn attribute in the resulting configuration [this means no olcrootdn attribute]. again, see man 5 slapd-config for information on the olcrootdn attribute.
in my opinion, all of the documentation is there.
-ben
On 20.08.2013 13:28, Howard Chu wrote:
This is a minimal slapd.ldif that you can use; it's also provided in the test suite as data/slapd-dynamic.ldif:
*rant* Because it is totally intuitive to put a default starting configuration LDIF file in the sources tests folder and put a deprecated configuration file in the installed application folder instead of generating a default cn=config backend at installation time. */rant*
In earnest, can this be changed so slapd actually installs as a runnable program without having to convert the old config file or load an LDIF manually? Or am I overlooking $DESIGNPRINCIPLE here?
have a nice day
On 2013.08.20 03.17, Steppacher Ralf wrote:
Ben,
I re-read those sections. But they only describe how to convert a pre-existing slapd.conf file. So, to bootstrap slapd I created a minimal slapd.conf with just the config database and a rootdn/pw for it and converted that with slaptest. But I find it a bit awkward that slapd.conf should be mandatory to get started, but at the same time is declared deprecated in chapter 5 of the administrator's guide.
Thanks anyway! Ralf
i guess you could call that "getting started", for some value of getting started, but ultimately, the knowledge has to come from somewhere.
once you use slaptest to convert slapd.conf to a config database, you can use slapcat to dump that config database to an ldif. if you do this with a minimal config, then that's what you'll get - a minimal ldif you can use for setting up a system. at that point, you no longer need slapd.conf or slaptest any longer. that's a one time exercise. keep config.ldif somewhere safe, just as you'd keep a sample slapd.conf somewhere, and when you set up a server, a simple slapadd command referencing config.ldif is all that is needed. from that point on, that is the extent of any bootstrapping.
-ben
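
The bootstrap the thread converges on (slapadd the minimal LDIF into the configuration directory, then start slapd with -F), as an added example that is not from any poster on the list. Assumptions: the slapd.d directory name, the explicit olcRootDN line, the 127.0.0.1:3890 listener, and the use of a slappasswd hash for olcRootPW in place of the cleartext value shown in the thread.

```shell
#!/bin/sh
# Added example. PREFIX follows the original post; CONFDIR and the listener
# URL are assumptions.
PREFIX="${PREFIX:-$HOME/server/openldap}"
CONFDIR="${CONFDIR:-$PREFIX/etc/openldap/slapd.d}"

# Write the thread's two-entry bootstrap LDIF to $1 with the password hash $2.
# Anything that is not of the form {SCHEME}value is rejected as cleartext.
write_bootstrap_ldif() {
    out=$1
    hash=$2
    case $hash in
        '{'*'}'?*) ;;
        *) echo "olcRootPW must be a slappasswd hash, not cleartext" >&2
           return 1 ;;
    esac
    ( umask 077   # the file holds a credential: owner-only
      cat > "$out" <<EOF
dn: cn=config
objectClass: olcGlobal
cn: config

dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
olcRootDN: cn=config
olcRootPW: $hash
EOF
    )
}

# Load the LDIF into database 0 (cn=config) under CONFDIR, then start slapd
# with -F pointing at that directory (not -f, and not at the LDIF file).
bootstrap_config() {
    mkdir -p "$CONFDIR" && chmod 700 "$CONFDIR" || return 1
    "$PREFIX/sbin/slapadd" -n 0 -F "$CONFDIR" -l "$1" || return 1
    "$PREFIX/libexec/slapd" -F "$CONFDIR" -h "ldap://127.0.0.1:3890/"
}

# Only touches the system when invoked as: sh bootstrap.sh run
if [ "${1:-}" = run ]; then
    ldif=$(mktemp) || exit 1
    hash=$("$PREFIX/sbin/slappasswd") || exit 1   # prompts, prints {SSHA}...
    write_bootstrap_ldif "$ldif" "$hash" && bootstrap_config "$ldif"
    rc=$?
    rm -f "$ldif"
    exit "$rc"
fi
```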