1:42 p.m.
Hello,
I am trying to set up OpenLDAP on Arch Linux on my server, following
instruction on Arch Wiki[1]. I prepared the config.ldif file, replacing
every $BASEDN and $PASSWD in the example configuration:
# The root config entry
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /run/openldap/slapd.args
olcPidFile: /run/openldap/slapd.pid
# Schemas
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
# TODO: Include further schemas as necessary
include: file:///etc/openldap/schema/core.ldif
# The config database
dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
olcRootDN: cn=Manager,dc=example,dc=com
# The database for our entries
dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcSuffix: dc=example,dc=com
olcRootDN: cn=Manager,dc=example,dc=com
olcRootPW: {SSHA}xZqSQN4wG4+C5I57dB/Qm02vJ+kQcwd7
olcDbDirectory: /var/lib/openldap/openldap-data
# TODO: Create further indexes
olcDbIndex: objectClass eq
Then I executed the following command:
sudo -u ldap slapadd -n 0 -F /etc/openldap/slapd.d/ -l ./config.ldif
This gave me the following error:
invalid config directory /etc/openldap/slapd.d/, error 2
slapadd: bad configuration directory!
I checked that the directory did not exist, so I created it and changed
owner to `ldap`. The wiki page did not mention that the directory should
be created earlier, so maybe it should have been created by a post
installation script. If that's the case, I will report it to package
maintainers.
After I created the directory, I ran the command again, this time having
a different error message:
slapadd: could not add entry dn="cn=config" (line=1):
Closing DB...
I have no idea what is wrong now and I cannot find anything useful on
the internet. Does anyone have an idea what I may be doing wrong here?
[1]: https://wiki.archlinux.org/title/OpenLDAP
4:17 a.m.
New subject: Antw: [EXT] Empty error when configuring OpenLDAP
>> Cezary Drozak <cezary(a)drozak.net> schrieb am 16.06.2022
um 22:42 in Nachricht
<3a3f4745-56fc-91c5-0f0e-2cce6a4734dd(a)drozak.net>:
Hello,
I am trying to set up OpenLDAP on Arch Linux on my server, following
instruction on Arch Wiki[1]. I prepared the config.ldif file, replacing
every $BASEDN and $PASSWD in the example configuration:
# The root config entry
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /run/openldap/slapd.args
olcPidFile: /run/openldap/slapd.pid
# Schemas
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
# TODO: Include further schemas as necessary
include: file:///etc/openldap/schema/core.ldif
# The config database
dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
olcRootDN: cn=Manager,dc=example,dc=com
# The database for our entries
dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcSuffix: dc=example,dc=com
olcRootDN: cn=Manager,dc=example,dc=com
olcRootPW: {SSHA}xZqSQN4wG4+C5I57dB/Qm02vJ+kQcwd7
olcDbDirectory: /var/lib/openldap/openldap-data
# TODO: Create further indexes
olcDbIndex: objectClass eq
Then I executed the following command:
sudo -u ldap slapadd -n 0 -F /etc/openldap/slapd.d/ -l ./config.ldif
I think you (or the instructions) are mixing conf-syntax with config-syntax.
IMHO olc* is config-syntax.
See "man slapd.conf" vs. "man slapd-config".
Regards,
Ulrich
This gave me the following error:
invalid config directory /etc/openldap/slapd.d/, error 2
slapadd: bad configuration directory!
I checked that the directory did not exist, so I created it and changed
owner to `ldap`. The wiki page did not mention that the directory should
be created earlier, so maybe it should have been created by a post
installation script. If that's the case, I will report it to package
maintainers.
After I created the directory, I ran the command again, this time having
a different error message:
slapadd: could not add entry dn="cn=config" (line=1):
Closing DB...
I have no idea what is wrong now and I cannot find anything useful on
the internet. Does anyone have an idea what I may be doing wrong here?
[1]: https://wiki.archlinux.org/title/OpenLDAP
4:52 a.m.
New subject: Antw: [EXT] Empty error when configuring OpenLDAP
On 6/17/22 13:17, Ulrich Windl wrote:
I think you (or the instructions) are mixing conf-syntax with
config-syntax.
IMHO olc* is config-syntax.
See "man slapd.conf" vs. "man slapd-config".
The config.ldap file example from the Arch Wiki is almost the same as
the one in the EXAMPLES section of the "slapd-config" man page you
mentioned. The command is also almost the same — only the argument order
is different and that on Arch it is executed as the "ldap" user.
I tried to follow the official guide at
https://www.openldap.org/doc/admin26/quickstart.html (starting from
point 8., because I installed the package from the Arch Linux
repository), but had the same error. The instructions are too very
similar to those on Arch Wiki.
Also, I forgot to mention it in the previous message, but I think that
the error message not giving any details qualifies as a bug (that's what
I meant by that title). "slapadd: could not add entry dn="cn=config"
(line=1):"… but why? What is wrong with that entry?
7:05 a.m.
New subject: Antw: [EXT] Empty error when configuring OpenLDAP
Cezary Drożak wrote:
On 6/17/22 13:17, Ulrich Windl wrote:
> I think you (or the instructions) are mixing conf-syntax with config-syntax.
> IMHO olc* is config-syntax.
> See "man slapd.conf" vs. "man slapd-config".
The config.ldap file example from the Arch Wiki is almost the same as the one in the
EXAMPLES section of the "slapd-config" man page you mentioned. The command
is also almost the same — only the argument order is different and that on Arch it is
executed as the "ldap" user.
I tried to follow the official guide at
https://www.openldap.org/doc/admin26/quickstart.html (starting from point 8., because I
installed the package from the
Arch Linux repository), but had the same error. The instructions are too very similar to
those on Arch Wiki.
Also, I forgot to mention it in the previous message, but I think that the error message
not giving any details qualifies as a bug (that's what I meant by that
title). "slapadd: could not add entry dn="cn=config" (line=1):"… but
why? What is wrong with that entry?
Add -d -1 to the slapadd invocation.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
noon
New subject: Antw: [EXT] Empty error when configuring OpenLDAP
Sorry for the late response. My life has been a mess recently and I
didn't have time.
I was able to track down the problem using the options you provided — it
showed me the error ": config_add_internal: DN="cn=config" already
exists". I found the solution on the mailing list:
https://www.openldap.org/lists/openldap-software/200711/msg00068.html.
Thank you for your help.
470
days inactive
538
days old
openldap-technical@openldap.org
4 comments
3 participants
participants (3)
-
Cezary Drożak -
Howard Chu -
Ulrich Windl