Understanding LDAP (part 2) - The Root Of All Evil (
Page 4 of 9 )
Configuration of the "slapd" daemon
is handled via a configuration file named "slapd.conf", usually located in your
installation's "etc/openldap/" directory. Pop open this file in your favourite
text editor, and page down to the end of the file, where the database
definitions are stored - you should see something like this:
#######################################################################
# ldbm database definitions
#######################################################################
database bdb
suffix "dc=my-domain,dc=com"
rootdn "cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND # should only
be accessible by the slapd/tools. Mode 700 recommended.
directory /usr/local/openldap/var/openldap-data
# Indices to maintain
index objectClass eq
Update this section to reflect your environment
- for example, for the "melonfire.com" domain, I have the following entries in
this section:
#######################################################################
# ldbm database definitions
#######################################################################
database bdb
suffix "dc=melonfire,dc=com"
rootdn "cn=root,dc=melonfire,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /usr/local/openldap/var/openldap-data
# Indices to maintain
index objectClass eq
A quick explanation here: the "suffix" configuration
directive tells "slapd" which node to use as the root (or "base DN") of the
directory tree, while the "rootdn" and "rootpw" directives tell "slapd" which
entry has administrative rights to the database. The "directory" directive tells
the system where to store its databases - in this case, in the directory
"/usr/local/openldap/var/openldap-data".
The base DN to be specified in
this section will serve as the root for the LDAP tree, and therefore must exist
as an entry in the LDAP directory before you can begin using the
service.
Once you're done with this section, go back up to the top of the
file and locate the section which contains the schema definitions to be read by
"slapd". By default, this section contains only a single entry:
include /usr/local/openldap/etc/openldap/schema/core.schema
Alter
this to include two additional definitions - these will be needed when you try
to create "inetOrgPerson" object instances for your LDAP address book.
include /usr/local/openldap/etc/openldap/schema/cosine.schema
include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
All
done? Save the file and exit.
Now, try running "slapd".
[root@olympus] $ /usr/local/openldap/libexec/slapd
If
it works, great - flip the page, and find out how to start manipulating your
LDAP database. If it doesn't, it's probably because of an error like this:
/usr/local/openldap/libexec/slapd: error in loading shared libraries:
libdb-4.1.so: cannot open shared object file: No such file or directory
This
is pretty simple to fix - all you need to do is tell your system where the
OpenLDAP and Berkeley DB library files are stored. Pop open the
"/etc/ld.so.conf" file and add these directories to the end of the directory
list:
/usr/local/openldap/lib
/usr/local/BerkeleyDB.4.1/lib
Now, save the file and recreate the system's
library database by running "ldconfig".
[root@olympus] $ ldconfig
Try invoking
"slapd" again,
[root@olympus] $ /usr/local/openldap/libexec/slapd
and
it should start up normally.
