Hi Dan White and Peter Gietz.
Thanks for your kind pointers in the right direction.
Now I finally got it. :-)
My goal was to set up openldap using only the dynamic configuration style.
So I had to start from absolutely zero, everything else is considered cheating. :-)
One of the first obstacles was an error telling me that my database did not accept
But it seems this error is not accurate because if I start by using a config.ldif that’s
empty I get the same error.
Finally I figured out with the help of some logic of my own and using man pages for
openldap that I had to be sure to set the correct user to my data directory as well as my
Another problem loading my config.ldif is the slapadd command.
In several places the syntax was like this:
slapadd -d -1 -F /etc/openldap/slapd.d -F /etc/openldap/config.ldif
That is wrong, the correct syntax is like this:
slapadd -d -1 -F /etc/openldap/slapd.d -n 0 -l /etc/openldap/config.ldif
The next problem that showed up was the hash sign #.
For some reason I had put # on line 1 in my config.ldif. This is a no-no, it turns out.
I also did use a line with only one # between the different blocks in my config; that also
gave me problems.
So after removing all # from my config my config seemed to work but slapd still would not
I finally found out that the schema block was special.
Special in the sense that I had to have an empty line between the schema block and the
By the way, it seems OK to have a line start with a #, then a space, then some text, without
getting into trouble. Like this.
# This is a comment
So anyway this is my config.ldif.
olcAttributeOptions: x-hidden lang-
olcAccess: to attrs=name;x-hidden by * =cs
olcAccess: to attrs=userPassword by * auth
olcAccess: to * by * read
olcAccess: to * by * none
olcDbIndex: objectClass eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
So thanks for your help, and I myself consider this problem solved.
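As an added example (not code from this thread or from the OpenLDAP project), here is a small Python linter for a cn=config LDIF that catches two of the problems discussed above: entries that are not separated by a blank line (the schema-block issue), and olcAccess rules listed in an order that makes later ones unreachable, since slapd applies the first `to` clause that matches. On the posted rules it reports that `to * by * none` can never apply because `to * by * read` precedes it. The sample config.ldif is constructed from the olcAccess and olcDbIndex lines quoted above; the DNs, suffix, database directory and objectClass values are assumptions.

```python
"""Lint an OpenLDAP cn=config LDIF for two pitfalls: entries not separated by a
blank line, and olcAccess rules that are unreachable or leave userPassword
readable (slapd uses the first 'to' clause that matches the target)."""
import base64
import re

# Constructed sample, modelled on the olcAccess/olcDbIndex lines in the thread.
# DNs, suffix, olcDbDirectory and objectClass lines are assumptions.
SAMPLE_CONFIG_LDIF = """\
dn: cn=config
objectClass: olcGlobal
cn: config
olcAttributeOptions: x-hidden lang-

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema

# This is a comment
dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcSuffix: dc=example,dc=com
olcDbDirectory: /var/lib/openldap/data
olcAccess: to attrs=name;x-hidden by * =cs
olcAccess: to attrs=userPassword by * auth
olcAccess: to * by * read
olcAccess: to * by * none
olcDbIndex: objectClass eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
"""

# Same file with the blank line after the schema entry removed (constructed).
BROKEN_CONFIG_LDIF = SAMPLE_CONFIG_LDIF.replace("cn: schema\n\n", "cn: schema\n")


def parse_ldif(text):
    """Return a list of entries, each an ordered list of (attribute, value).

    Skips '#' comment lines and an optional leading 'version:' line, joins
    folded continuation lines (leading space), decodes '::' base64 values,
    and splits entries on blank lines."""
    entries, current = [], []
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue                      # comment line, not part of any entry
        if raw.strip() == "":
            if current:                   # blank line ends the current entry
                entries.append(_decode(current))
                current = []
            continue
        if raw.startswith(" ") and current:
            current[-1] += raw[1:]        # folded continuation line
        elif not entries and not current and raw.lower().startswith("version:"):
            continue                      # optional LDIF version header
        else:
            current.append(raw)
    if current:
        entries.append(_decode(current))
    return entries


def _decode(lines):
    attrs = []
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not an attribute line: {line!r}")
        if value.startswith(":"):         # 'attr:: <base64>'
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        attrs.append((name.strip(), value.strip()))
    return attrs


def lint_structure(entries):
    """Every entry must begin with exactly one dn: line."""
    problems = []
    for i, attrs in enumerate(entries):
        names = [n.lower() for n, _ in attrs]
        if not names or names[0] != "dn":
            problems.append(f"entry {i}: does not start with a dn: line")
        if names.count("dn") > 1:
            problems.append(f"entry {i}: contains {names.count('dn')} dn: lines; "
                            "a blank line is missing between entries")
    return problems


_ORDER_PREFIX = re.compile(r"^\{\d+\}")   # strip the {n} ordering tag slapd adds


def lint_access(entry):
    """Check olcAccess ordering on one entry: first matching 'to' clause wins."""
    dn = next((v for n, v in entry if n.lower() == "dn"), "<no dn>")
    rules = [_ORDER_PREFIX.sub("", v) for n, v in entry if n.lower() == "olcaccess"]
    problems, catch_all = [], None        # catch_all: index of the first 'to *'
    for idx, rule in enumerate(rules):
        if catch_all is not None:
            problems.append(f"{dn}: olcAccess rule {idx} ({rule!r}) is unreachable; "
                            f"rule {catch_all} already matches everything")
            continue
        m = re.match(r"to\s+(\S+)", rule)
        if not m:
            problems.append(f"{dn}: olcAccess rule {idx} ({rule!r}) has no 'to' clause")
            continue
        if m.group(1) == "*":
            catch_all = idx
    # A catch-all granting read exposes userPassword unless an earlier rule
    # handles that attribute explicitly (e.g. 'by * auth').
    if catch_all is not None and "read" in rules[catch_all].split():
        guarded = any(re.search(r"attrs=\S*userPassword", r, re.I) for r in rules[:catch_all])
        if not guarded:
            problems.append(f"{dn}: userPassword is covered only by catch-all rule "
                            f"{catch_all} ({rules[catch_all]!r}), which grants read")
    return problems


def run_lint(text):
    entries = parse_ldif(text)
    problems = lint_structure(entries)
    for entry in entries:
        problems.extend(lint_access(entry))
    return problems


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_CONFIG_LDIF), ("broken", BROKEN_CONFIG_LDIF)):
        print(f"== {label} ==")
        for p in run_lint(text):
            print(" ", p)
```

Run it against a real config.ldif with `run_lint(open("config.ldif").read())` before handing the file to `slapadd -n 0 -l`; the structural check reports the missing blank line the same way the merged schema block would, and the access check is a cheap review of rule order before the directory is live.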
On 19 Feb 2014 at 20:07, Dan White <dwhite(a)olp.net> wrote:
On 02/19/14 18:29 +0100, Sonny Taberman wrote:
> Hi all ldap people.
> I have been trying this new way of configuring a slapd server from scratch. Sorry to
> say total failure on my side. I'm not sure where to begin.
> I have built a linux system from LFS Linux from scratch. So I want to install
> openldap from source, so far no problems.
> When my installation is done I have a directory in /etc/ named openldap and the
> content inside is this:
> Starting to configure my slapd using slapd.conf, there is no problem. Actually I'm
> beginning to think I'm pretty good at this. :-)
> But then I try to read all I can find about configuring a new slapd using slapd.ldif,
> not that easy.
> I understand that I need a new directory named slapd.d. After that I have no clue.
> I guess something is hardcoded in slapd but what am I supposed to do next?
> How can I communicate with slapd? I guess I have to define a password somewhere for
> a manager or administrator but how and where?
> Is there a tutorial somewhere?
> All I need is how to start. :-)
See slapd(8), slaptest(5), slapd-config(5), ldap.conf(5), and chapter 5 of
the OpenLDAP Software 2.4 Administrator's Guide.
chown user.group <path/to>/slapd.d
chmod ? <path/to>/slapd.d
# and assuming you want to bootstrap using a slapd.conf:
slaptest -f <path/to>/slapd.conf -F <path/to>/slapd.d
Create an init script that starts slapd with appropriate options, e.g.:
/usr/sbin/slapd -h "ldap:/// ldapi:///" -g openldap -u openldap -F
It is not recommended to modify files underneath <path/to>/slapd.conf with
a text editor, which you may be tempted to do. Use ldapadd/ldapmodify to
make modifications, or use slapcat -n0 to create a portable representation
of your config.
Search for documentation or discussion of SASL EXTERNAL authentication over
ldapi:/// (using olcAuthzRegexp), to perform administrator (rootDN)