I may have this totally wrong but why is there no installation documentation that tells somebody how to set up OpenLDAP the right way. After installing OpenLDAP you have no slapd.conf file so that direction is not happening. If you modify any file in the slapd.d directory, startup will complain about bad checksum. Yes I know you can regenerate the checksum and fix that but why? I can't find anywhere that tells you how to modify the base dn, rootdn, and root password without editing the files in the slapd.d manually. Am I missing something? I have checked Google, YouTube, and other places and they all say manually edit files in slapd.d. That can't be the right way if openldap server is complaining about doing it.
Sherman Lilly
--On Friday, November 13, 2015 2:29 PM +0000 Sherman Lilly Sherman.Lilly@knoxcounty.org wrote:
> I may have this totally wrong but why is there no installation documentation that tells somebody how to set up OpenLDAP the right way. After installing OpenLDAP you have no slapd.conf file so that direction is not happening. If you modify any file in the slapd.d directory, startup will complain about bad checksum. Yes I know you can regenerate the checksum and fix that but why? I can't find anywhere that tells you how to modify the base dn, rootdn, and root password without editing the files in the slapd.d manually. Am I missing something? I have checked Google, YouTube, and other places and they all say manually edit files in slapd.d. That can't be the right way if openldap server is complaining about doing it.
ldapmodify
--Quanah
--
Quanah Gibson-Mount Platform Architect Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
Hello Sherman,
On Fri, Nov 13, 2015 at 02:29:05PM +0000, Sherman Lilly wrote:
> I may have this totally wrong but why is there no installation documentation that tells somebody how to set up OpenLDAP the right way.
http://www.openldap.org/doc/admin24/
http://www.openldap.org/doc/admin24/slapdconf2.html
If you deployed OpenLDAP from a distribution package, you could also check whether your distribution provides documentation about their specific setup, which may have some additional or differing best practices compared to the above. For example, Ubuntu:
https://help.ubuntu.com/lts/serverguide/openldap-server.html
file:///usr/share/doc/slapd/README.Debian.gz (online: http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/wily/openldap/wily/view/...)
or Red Hat:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/htm...
> After installing OpenLDAP you have no slapd.conf file so that direction is not happening. If you modify any file in the slapd.d directory, startup will complain about bad checksum.
Well, yes. As the files themselves say: "DO NOT EDIT!! Use ldapmodify." We can't really help if you decide to ignore that recommendation.
> I can't find anywhere that tells you how to modify the base dn, rootdn, and root password without editing the files in the slapd.d manually.
Those parameters are touched on briefly in the admin guide, above. Look for olcRootDN, olcRootPW, and olcSuffix. The slapd-config(5) man page is a more comprehensive reference for configuration directives.
> Am I missing something? I have checked Google, YouTube, and other places and they all say manually edit files in slapd.d. That can't be the right way if openldap server is complaining about doing it.
Any site that says to edit files under slapd.d by hand is wrong and should be ignored. The man pages and admin guide are included *with the software itself*, in the tarball: why would you not start with those?
hope that helps, Ryan
Hi Sherman,
I am also a beginner ... I advise you to use this tutorial: https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-a-basic-ldap-server-on-an-ubuntu-12-04-vps
Regards,
Let's try this out. Ubuntu apparently has gotten it together and fixed the issue with dpkg-reconfigure. Red Hat has not. And wouldn't you guess I am using Red Hat. I looked at the Red Hat documentation and it is exactly what I am fed up with. Convert slapd.conf is the wrong way.
I have started slapd and tried running ldapmodify with the LDIF below and I get an error.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=lillyrnd,dc=org
Error
[root@here ~]# ldapmodify -Y EXTERNAL -H ldapi:/// -f setup.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={1}hdb,cn=config"
ldap_modify: No such object (32)
        matched DN: cn=config
Sherman Lilly
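Added example, not part of any message in this thread: result 32 with "matched DN: cn=config" means no entry named olcDatabase={1}hdb exists under cn=config, so this script reads the real database DN from a search and then builds the modify LDIF for olcSuffix, olcRootDN and olcRootPW. The search output is a constructed sample, and cn=Manager is an assumed rootdn name.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed sample of the output of
#   ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config \
#       '(objectClass=olcDatabaseConfig)' dn olcSuffix
# The {N} index and backend name vary between builds and installs.
SAMPLE_SEARCH='dn: olcDatabase={-1}frontend,cn=config

dn: olcDatabase={0}config,cn=config

dn: olcDatabase={1}monitor,cn=config

dn: olcDatabase={2}hdb,cn=config
olcSuffix: dc=my-domain,dc=com
'

# Read LDIF on stdin; print the DN of the first entry that has an olcSuffix.
find_db_dn() {
    awk '/^dn: /        { dn = substr($0, 5) }
         /^olcSuffix: / { if (dn != "") { print dn; exit } }'
}

# Emit one modify request for the three attributes named in the thread.
# $1 database DN, $2 suffix, $3 rootdn, $4 password hash from slappasswd
build_ldif() {
    [ -n "$1" ] || { echo "no database entry with olcSuffix" >&2; return 1; }
    case "$3" in   # slapd rejects olcRootPW unless the rootdn is under the suffix
        "$2"|*",$2") ;;   # plain string comparison, case-sensitive
        *) echo "rootdn is not under the suffix" >&2; return 1 ;;
    esac
    case "$4" in   # keep cleartext passwords out of cn=config
        "{"*"}"?*) ;;
        *) echo "olcRootPW must be a {SCHEME}hash value" >&2; return 1 ;;
    esac
    printf '%s\n' "dn: $1" "changetype: modify" \
        "replace: olcSuffix" "olcSuffix: $2" "-" \
        "replace: olcRootDN" "olcRootDN: $3" "-" \
        "replace: olcRootPW" "olcRootPW: $4"
}

# Live use as root on the server (cn=Manager is an assumed rootdn name):
#   dn=$(ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config \
#          '(olcSuffix=*)' dn olcSuffix | find_db_dn)
#   build_ldif "$dn" dc=lillyrnd,dc=org cn=Manager,dc=lillyrnd,dc=org \
#       "$(slappasswd)" | ldapmodify -Q -Y EXTERNAL -H ldapi:///
```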
--On Monday, November 16, 2015 4:32 PM +0000 Sherman Lilly Sherman.Lilly@knoxcounty.org wrote:
> Let's try this out. Ubuntu apparently has gotten it together and fixed the issue with dpkg-reconfigure. Red Hat has not. And wouldn't you guess I am using Red Hat. I looked at the Red Hat documentation and it is exactly what I am fed up with. Convert slapd.conf is the wrong way.
Don't use RedHat's builds, they have numerous issues. You should start with the LTB project builds, or if you need support, contact Symas and use their builds.
--Quanah
Thanks. The LTB project was much easier.
Sherman Lilly (865) 215-3536 Senior Systems Administrator Knox County