Hello,
I am trying to set up OpenLDAP on Arch Linux on my server, following the instructions on the Arch Wiki[1]. I prepared the config.ldif file, replacing every $BASEDN and $PASSWD in the example configuration:
# The root config entry
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /run/openldap/slapd.args
olcPidFile: /run/openldap/slapd.pid

# Schemas
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema

# TODO: Include further schemas as necessary
include: file:///etc/openldap/schema/core.ldif

# The config database
dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
olcRootDN: cn=Manager,dc=example,dc=com

# The database for our entries
dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcSuffix: dc=example,dc=com
olcRootDN: cn=Manager,dc=example,dc=com
olcRootPW: {SSHA}xZqSQN4wG4+C5I57dB/Qm02vJ+kQcwd7
olcDbDirectory: /var/lib/openldap/openldap-data
# TODO: Create further indexes
olcDbIndex: objectClass eq
Then I executed the following command:
sudo -u ldap slapadd -n 0 -F /etc/openldap/slapd.d/ -l ./config.ldif
This gave me the following error:
invalid config directory /etc/openldap/slapd.d/, error 2 slapadd: bad configuration directory!
I checked that the directory did not exist, so I created it and changed its owner to `ldap`. The wiki page did not mention that the directory should be created earlier, so maybe it should have been created by a post-installation script. If that's the case, I will report it to the package maintainers.
After I created the directory, I ran the command again, this time getting a different error message:
slapadd: could not add entry dn="cn=config" (line=1): Closing DB...
I have no idea what is wrong now and I cannot find anything useful on the internet. Does anyone have an idea what I may be doing wrong here?
Cezary Drozak cezary@drozak.net wrote on 16.06.2022 at 22:42 in message 3a3f4745-56fc-91c5-0f0e-2cce6a4734dd@drozak.net:
> Hello,
> I am trying to set up OpenLDAP on Arch Linux on my server, following the instructions on the Arch Wiki[1]. I prepared the config.ldif file, replacing every $BASEDN and $PASSWD in the example configuration:
>
> # The root config entry
> dn: cn=config
> objectClass: olcGlobal
> cn: config
> olcArgsFile: /run/openldap/slapd.args
> olcPidFile: /run/openldap/slapd.pid
>
> # Schemas
> dn: cn=schema,cn=config
> objectClass: olcSchemaConfig
> cn: schema
>
> # TODO: Include further schemas as necessary
> include: file:///etc/openldap/schema/core.ldif
>
> # The config database
> dn: olcDatabase=config,cn=config
> objectClass: olcDatabaseConfig
> olcDatabase: config
> olcRootDN: cn=Manager,dc=example,dc=com
>
> # The database for our entries
> dn: olcDatabase=mdb,cn=config
> objectClass: olcDatabaseConfig
> objectClass: olcMdbConfig
> olcDatabase: mdb
> olcSuffix: dc=example,dc=com
> olcRootDN: cn=Manager,dc=example,dc=com
> olcRootPW: {SSHA}xZqSQN4wG4+C5I57dB/Qm02vJ+kQcwd7
> olcDbDirectory: /var/lib/openldap/openldap-data
> # TODO: Create further indexes
> olcDbIndex: objectClass eq
>
> Then I executed the following command:
> sudo -u ldap slapadd -n 0 -F /etc/openldap/slapd.d/ -l ./config.ldif
I think you (or the instructions) are mixing conf-syntax with config-syntax. IMHO olc* is config-syntax. See "man slapd.conf" vs. "man slapd-config".
Regards, Ulrich
> This gave me the following error:
> invalid config directory /etc/openldap/slapd.d/, error 2 slapadd: bad configuration directory!
> I checked that the directory did not exist, so I created it and changed its owner to `ldap`. The wiki page did not mention that the directory should be created earlier, so maybe it should have been created by a post-installation script. If that's the case, I will report it to the package maintainers.
> After I created the directory, I ran the command again, this time getting a different error message:
> slapadd: could not add entry dn="cn=config" (line=1): Closing DB...
> I have no idea what is wrong now and I cannot find anything useful on the internet. Does anyone have an idea what I may be doing wrong here?
On 6/17/22 13:17, Ulrich Windl wrote:
> I think you (or the instructions) are mixing conf-syntax with config-syntax. IMHO olc* is config-syntax. See "man slapd.conf" vs. "man slapd-config".
The config.ldif file example from the Arch Wiki is almost the same as the one in the EXAMPLES section of the "slapd-config" man page you mentioned. The command is also almost the same — only the argument order is different, and on Arch it is executed as the "ldap" user.
I tried to follow the official guide at https://www.openldap.org/doc/admin26/quickstart.html (starting from point 8., because I installed the package from the Arch Linux repository), but had the same error. The instructions are also very similar to those on the Arch Wiki.
Also, I forgot to mention it in the previous message, but I think that the error message not giving any details qualifies as a bug (that's what I meant by that title). "slapadd: could not add entry dn="cn=config" (line=1):"… but why? What is wrong with that entry?
Cezary Drożak wrote:
> On 6/17/22 13:17, Ulrich Windl wrote:
>> I think you (or the instructions) are mixing conf-syntax with config-syntax. IMHO olc* is config-syntax. See "man slapd.conf" vs. "man slapd-config".
> The config.ldif file example from the Arch Wiki is almost the same as the one in the EXAMPLES section of the "slapd-config" man page you mentioned. The command is also almost the same — only the argument order is different, and on Arch it is executed as the "ldap" user.
> I tried to follow the official guide at https://www.openldap.org/doc/admin26/quickstart.html (starting from point 8., because I installed the package from the Arch Linux repository), but had the same error. The instructions are also very similar to those on the Arch Wiki.
> Also, I forgot to mention it in the previous message, but I think that the error message not giving any details qualifies as a bug (that's what I meant by that title). "slapadd: could not add entry dn="cn=config" (line=1):"… but why? What is wrong with that entry?
Add -d -1 to the slapadd invocation.
Sorry for the late response. My life has been a mess recently and I didn't have time.
I was able to track down the problem using the options you provided — it showed me the error ": config_add_internal: DN="cn=config" already exists". I found the solution on the mailing list: https://www.openldap.org/lists/openldap-software/200711/msg00068.html.
Thank you for your help.
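As an added example, not code from the thread or from OpenLDAP, a POSIX shell pre-flight for the bootstrap step discussed above: it checks the config directory for the two conditions that produced the errors in this thread (directory missing; a cn=config already present) and then runs slapadd with -d -1, as suggested, so that a bare "could not add entry" comes with its cause. The owner name ldap, the default log path and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks before running
# "slapadd -n 0 -F <confdir> -l <ldif>", covering the two failures seen above:
# a missing slapd.d directory ("invalid config directory ..., error 2") and a
# confdir that already holds a cn=config, so the LDIF's first entry collides
# ("DN=\"cn=config\" already exists" once run at debug level -1).

# check_confdir DIR OWNER: succeed only if DIR is an existing, empty directory
# owned by OWNER (the "ldap" user on Arch). Diagnostics go to stderr.
check_confdir() {
    dir=$1
    owner=$2
    if [ ! -d "$dir" ]; then
        echo "confdir '$dir' does not exist; create it and chown it to $owner" >&2
        return 1
    fi
    actual=$(ls -ld "$dir" | awk '{print $3}')
    if [ "$actual" != "$owner" ]; then
        echo "confdir '$dir' is owned by $actual, expected $owner" >&2
        return 1
    fi
    if [ -n "$(ls -A "$dir")" ]; then
        echo "confdir '$dir' is not empty: a cn=config is already there, so" \
             "adding another one from LDIF fails with 'already exists'" >&2
        return 1
    fi
    return 0
}

# bootstrap_config CONFDIR LDIF [LOG]: run slapadd at full debug level (-d -1,
# as recommended in the thread) so a terse "could not add entry" is explained,
# and surface the relevant log lines on failure. LOG path is an assumption.
bootstrap_config() {
    dir=$1
    ldif=$2
    log=${3:-/tmp/slapadd-debug.log}
    check_confdir "$dir" ldap || return 1
    if ! sudo -u ldap slapadd -n 0 -F "$dir" -l "$ldif" -d -1 >"$log" 2>&1; then
        echo "slapadd failed; diagnostic lines from $log:" >&2
        grep -E 'could not add entry|already exists|config_add_internal' "$log" >&2
        return 1
    fi
    echo "cn=config bootstrapped into $dir"
}

# Usage (as root): bootstrap_config /etc/openldap/slapd.d ./config.ldif
```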
openldap-technical@openldap.org