Understanding LDAP (part 2) - The Root Of All Evil (Page 4 of 9 )
Configuration of the "slapd" daemon is handled via a configuration file named "slapd.conf", usually located in your installation's "etc/openldap/" directory. Pop open this file in your favourite text editor, and page down to the end of the file, where the database definitions are stored - you should see something like this:
#######################################################################
# ldbm database definitions
#######################################################################
database bdb
suffix "dc=my-domain,dc=com"
rootdn "cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND # should only
be accessible by the slapd/tools. Mode 700 recommended.
directory /usr/local/openldap/var/openldap-data
# Indices to maintain
index objectClass eq
Update this section to reflect your environment
- for example, for the "melonfire.com" domain, I have the following entries in this section:
#######################################################################
# ldbm database definitions
#######################################################################
database bdb
suffix "dc=melonfire,dc=com"
rootdn "cn=root,dc=melonfire,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /usr/local/openldap/var/openldap-data
# Indices to maintain
index objectClass eq
A quick explanation here: the "suffix" configuration
directive tells "slapd" which node to use as the root (or "base DN") of the directory tree, while the "rootdn" and "rootpw" directives tell "slapd" which entry has administrative rights to the database. The "directory" directive tells the system where to store its databases - in this case, in the directory "/usr/local/openldap/var/openldap-data".
The base DN to be specified in this section will serve as the root for the LDAP tree, and therefore must exist as an entry in the LDAP directory before you can begin using the service.
Once you're done with this section, go back up to the top of the file and locate the section which contains the schema definitions to be read by "slapd". By default, this section contains only a single entry:
include /usr/local/openldap/etc/openldap/schema/core.schema
Alter
this to include two additional definitions - these will be needed when you try to create "inetOrgPerson" object instances for your LDAP address book.
include /usr/local/openldap/etc/openldap/schema/cosine.schema
include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
All
done? Save the file and exit.
Now, try running "slapd".
[root@olympus] $ /usr/local/openldap/libexec/slapd
If
it works, great - flip the page, and find out how to start manipulating your LDAP database. If it doesn't, it's probably because of an error like this:
/usr/local/openldap/libexec/slapd: error in loading shared libraries:
libdb-4.1.so: cannot open shared object file: No such file or directory
This
is pretty simple to fix - all you need to do is tell your system where the OpenLDAP and Berkeley DB library files are stored. Pop open the "/etc/ld.so.conf" file and add these directories to the end of the directory list:
/usr/local/openldap/lib
/usr/local/BerkeleyDB.4.1/lib
Now, save the file and recreate the system's
library database by running "ldconfig".
[root@olympus] $ ldconfig
Try invoking
"slapd" again,
[root@olympus] $ /usr/local/openldap/libexec/slapd
and
it should start up normally.
Next: A Little Black Book Is Born >>
More Administration Articles
More By icarus, (c) Melonfire
