Converting slapd.conf to a Directory Based Configu

Published: 2025/4/5


OpenLDAP 2.4

OpenLDAP 2.4 provides some great new features over 2.3. Notable among them are the ability to store configuration data in the directory and change values on the fly.


Adding a Schema


Converting slapd.conf to a Directory Based Configuration

OpenLDAP 2.4 maintains an LDIF-based online directory in /etc/openldap/slapd.d/ (or another specified location). In order to use this, you must seed the directory in one of two ways. One way is to convert an existing slapd.conf file, which is illustrated below. Note that to access the newly minted cn=config, you should create an entry in your slapd.conf that provides a root password for it, or otherwise provide a useful ACL/ACI which gives a user access.

To convert a standard slapd.conf file to the new format, issue the following command (see man slapd-config):

slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d

Note that the directory /etc/openldap/slapd.d must exist for this command to complete successfully.


After importing the config file, start the OpenLDAP server:

  • /etc/init.d/ldap start

Verify that the server is running:

  • ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts


After validating that the server will start and stop, import some data with an LDIF file:

  • slapadd -l <file>.ldif

When attempting this, I get an error about an invalid attribute for an objectclass:

# slapadd -l slapcat.out
str2entry: invalid value for attributeType objectClass #1 (syntax 1.3.6.1.4.1.1466.115.121.1.38)
slapadd: could not parse entry (line=1)
  • Missing a schema, had to add cosine schema to get this to work.

When attempting to add the schema ldif, I get this error:

# ldapadd -x -H ldap://locahost -D "cn=manager,dc=example,dc=org" -W -f core.ldif
Enter LDAP Password:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

I switched back to using the slapd.conf file to get this to work, and after emptying out the /var/lib/openldap-data directory and reattempting the slapadd, I get the following:

# slapadd -l backup.ldif
bdb_db_open: warning - no DB_CONFIG file found in directory /var/lib/openldap-data: (2).
Expect poor performance for suffix "dc=example,dc=org".
<= str2entry: str2ad(pwdHistory): attribute type undefined
slapadd: could not parse entry (line=79)
  • Missing ppolicy overlay.


Adding some schemas:

# ldapadd -x -H ldap://localhost/ -D "cn=config" -W -f schema/archive/cosine.ldif
Enter LDAP Password:
adding new entry "cn=cosine,cn=schema,cn=config"

# ldapadd -x -H ldap://localhost/ -D "cn=config" -W -f schema/archive/inetorgperson.ldif
Enter LDAP Password:
adding new entry "cn=inetorgperson,cn=schema,cn=config"

# ldapadd -x -H ldap://localhost/ -D "cn=config" -W -f schema/archive/nis.ldif
Enter LDAP Password:
adding new entry "cn=nis,cn=schema,cn=config"

# ldapadd -x -H ldap://localhost/ -D "cn=config" -W -f schema/archive/openldap.ldif
Enter LDAP Password:
adding new entry "cn=openldap,cn=schema,cn=config"



Note that you cannot (as of version 2.4.7) use slapindex to generate the cn=config configuration; use slaptest instead:

# cd /etc/openldap
# mkdir slapd.d
# /usr/sbin/slapindex -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
# echo $?
0

The program exits without error, but nothing is written to the directory:

# ls /etc/openldap/slapd.d

Running slaptest immediately afterwards generates the appropriate cn=config:

# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
config file testing succeeded
# ll slapd.d
total 8
drwxr-x--- 4 root root 4096 Jan 10 13:07 cn=config
-rw------- 1 root root 1097 Jan 10 13:07 cn=config.ldif

I have filed an ITS with the OpenLDAP project for this (ITS#5321).
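
The conversion steps above, wrapped with the checks this page calls for, as an added example that is not part of the original article or the OpenLDAP project: it looks for a root password under `database config` before converting, creates the target directory, and confirms that cn=config was actually written instead of trusting the exit status. The function names are hypothetical, and `slaptest` is assumed to be on the PATH.

```shell
#!/bin/sh
# Added example: checks around "slaptest -f slapd.conf -F slapd.d".

# 0 = "database config" has a hashed rootpw, 1 = no rootpw for cn=config,
# 2 = rootpw stored in cleartext, 3 = file not readable.
check_config_rootpw() {
    [ -r "$1" ] || return 3
    awk '
        /^[ \t]/ { next }                  # continuation line, not a directive
        tolower($1) == "database" { in_cfg = (tolower($2) == "config") }
        in_cfg && tolower($1) == "rootpw" {
            found = 1
            hashed = ($2 ~ /^[{]/ && toupper($2) !~ /^[{]CLEARTEXT[}]/)
        }
        END { if (!found) exit 1; if (!hashed) exit 2; exit 0 }
    ' "$1"
}

# 0 = cn=config tree exists and grants nothing to "other",
# 1 = nothing was generated (the tool may still have exited 0),
# 2 = generated files are accessible to "other".
verify_slapd_d() {
    [ -f "$1/cn=config.ldif" ] && [ -d "$1/cn=config" ] || return 1
    open=$(find "$1/cn=config" "$1/cn=config.ldif" \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print | head -n 1)
    [ -z "$open" ] || return 2
}

# usage: convert_slapd_conf /etc/openldap/slapd.conf /etc/openldap/slapd.d
convert_slapd_conf() {
    rc=0; check_config_rootpw "$1" || rc=$?
    case $rc in
        0) ;;
        1) echo "warning: no rootpw for cn=config; access will need an ACL" >&2 ;;
        *) echo "refusing: unreadable file or cleartext rootpw in $1" >&2
           return "$rc" ;;
    esac
    [ -d "$2" ] || mkdir -m 0750 "$2" || return 1   # directory must exist first
    slaptest -f "$1" -F "$2" || return 1
    verify_slapd_d "$2"                             # exit status alone is not proof
}

if [ "$#" -eq 2 ]; then convert_slapd_conf "$1" "$2"; fi
```

A hashed value for the `rootpw` line can be produced with `slappasswd`.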


Querying cn=config

A sample query:

ldapsearch -x -H ldap://localhost/ -D "cn=config" -b 'cn=config' -W cn=config
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: cn=config
# requesting: ALL
#

# config
dn: cn=config
objectClass: olcGlobal
cn: config
olcConfigFile: /etc/openldap/slapd.conf.WORKING
olcConfigDir: /etc/openldap/slapd.d
olcArgsFile: /var/run/openldap/run/slapd.args
olcAttributeOptions: lang-
olcAuthzPolicy: none
olcConcurrency: 0
olcConnMaxPending: 100
olcConnMaxPendingAuth: 1000
olcGentleHUP: FALSE
olcIdleTimeout: 0
olcIndexSubstrIfMaxLen: 4
olcIndexSubstrIfMinLen: 2
olcIndexSubstrAnyLen: 4
olcIndexSubstrAnyStep: 2
olcLocalSSF: 71
olcLogLevel: Any
olcPidFile: /var/run/openldap/run/slapd.pid
olcReadOnly: FALSE
olcSaslSecProps: noplain,noanonymous
olcSockbufMaxIncoming: 262143
olcSockbufMaxIncomingAuth: 16777215
olcThreads: 16
olcToolThreads: 1

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1



Query cn=schema:

ldapsearch -x -H ldap://localhost/ -D "cn=config" -b 'cn=schema,cn=config' -W



Query cn=config for olcDatabase entries:

Note that this searches for the second database, which is of type bdb.

ldapsearch -x -H ldap://localhost/ -D "cn=config" -b 'olcDatabase={1}bdb,cn=config' -W -LLL


Reposted from: https://my.oschina.net/pwd/blog/386833
