
OpenLDAP

Installation

For installation of OpenLDAP use this link as a reference:

http://www.unixmen.com/install-and-configure-openldap-in-ubuntu-15-04-and-debian-8/

Walking through the process, install OpenLDAP and utilities:

# aptitude install slapd ldap-utils

Enter your chosen LDAP administration password during the install.

Note: it appears that /etc/ldap/ldap.conf is no longer required (as of the package shipped with Ubuntu 15.10).

Re-configure

To set up your system defaults, do the following.

# dpkg-reconfigure slapd

You will be prompted for input through this. Here are my responses:

  • No
  • hillnet.localnet
  • hillnet
  • admin password
  • yes or no # You decide
  • yes
  • yes or no # Select yes to allow backward compatibility

At completion, review syslog:

# cat /var/log/syslog | grep slap

You may now see a check-sum error on the /etc/ldap/slapd.d/cn=config.ldif file, as follows:

ldif_read_file: checksum error on "/etc/ldap/slapd.d/cn=config.ldif"

Here is a workaround:

Stop the service:

# systemctl stop slapd

Then change into, say, the tmp directory:

# cd /tmp

Dump the current configuration database:

# slapcat -n0 -F /etc/ldap/slapd.d > config.ldif

Then, as a safeguard, move the old configuration directory aside:

# mv /etc/ldap/slapd.d /etc/ldap/slapd.d.org

And:

# mkdir /etc/ldap/slapd.d

And run:

# slapadd -n0 -F /etc/ldap/slapd.d -l config.ldif

This will recreate the /etc/ldap/slapd.d directory.

Then fix the ownership of the new directory and its contents:

# chown -R openldap:openldap /etc/ldap/slapd.d

Start the service:

# systemctl start slapd
Recheck syslog for errors:

# cat /var/log/syslog | grep slap

If there are no errors, remove the /etc/ldap/slapd.d.org directory:

# rm -r /etc/ldap/slapd.d.org

Now, to prevent indexing errors in syslog such as:

...slapd[24858]: <= mdb_substring_candidates: (cn) not indexed
...slapd[24858]: <= mdb_substring_candidates: (uid) not indexed
...slapd[24858]: <= mdb_substring_candidates: (mail) not indexed

Create the following /tmp/new_index.ldif file:

Refer to https://wiki.debian.org/LDAP/OpenLDAPSetup

Replace mdb with whichever database backend was selected during the package reconfigure (hdb, bdb or mdb):

dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcDbIndex
olcDbIndex: cn pres,sub,eq
-
add: olcDbIndex
olcDbIndex: sn pres,sub,eq
-
add: olcDbIndex
olcDbIndex: displayName pres,sub,eq
-
add: olcDbIndex
olcDbIndex: default sub
-
add: olcDbIndex
olcDbIndex: mail,givenName eq,subinitial
-
add: olcDbIndex
olcDbIndex: dc eq
-
add: olcDbIndex
olcDbIndex: objectClass pres,eq
Then apply it (with the service running):

# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f /tmp/new_index.ldif

Backup and Restore

To back up the data in your LDAP installation, do:

# systemctl stop slapd

# slapcat -l /opt/backup/ldapbup.ldif

# systemctl start slapd

To restore from the backup, do the following.

Stop the service:

# systemctl stop slapd

Remove the first two blocks from the backup file. The blocks start as follows:

dn: dc=hillnet,dc=localnet
more text

dn: cn=admin,dc=hillnet,dc=localnet
more text

We do this because these entries were already created by the re-configure step above.

Then run:

# slapadd -F /etc/ldap/slapd.d -l /opt/backup/ldapbup.ldif

And finally start the service:

# systemctl start slapd
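As an added example (not part of the original notes), here is the restore procedure above with the hand edit of the backup file replaced by a small filter that drops entries by DN; the DNs, the backup path and the /var/lib/ldap database directory are assumptions taken from these notes and the Debian defaults.

```shell
#!/bin/sh
# Added example, not from the original notes: restore helper that drops the entries
# dpkg-reconfigure already created (suffix entry and cn=admin) from the slapcat backup
# before slapadd. The DNs and paths are assumptions taken from the notes above.

BASE_DN="dc=hillnet,dc=localnet"
ADMIN_DN="cn=admin,${BASE_DN}"
BACKUP=/opt/backup/ldapbup.ldif

# strip_entries DN...  Reads LDIF on stdin and writes it to stdout without the entries
# whose dn line equals one of the given DNs. slapcat separates entries with a blank
# line, so awk paragraph mode (RS="") reads one entry per record. Assumes the dn line
# is neither folded nor base64-encoded (dn::), which holds for these short DNs.
strip_entries() {
    awk -v skiplist="$(printf '%s\n' "$@")" '
        BEGIN { RS = ""; n = split(skiplist, a, "\n"); for (i = 1; i <= n; i++) drop[a[i]] = 1 }
        {
            split($0, lines, "\n")
            dn = lines[1]; sub(/^dn: */, "", dn)
            if (dn in drop) next
            if (out++) print ""          # one blank line between kept entries, none trailing
            print
        }'
}

# Full restore as described in the notes, with the manual edit replaced by the filter.
# The filtered copy holds password hashes, so it is written with mode 0600 (umask 077).
# Assumption: the database lives in /var/lib/ldap (Debian default) and must be owned by
# openldap after slapadd has run as root, as was done for slapd.d above.
restore_ldap() {
    systemctl stop slapd
    ( umask 077; strip_entries "$BASE_DN" "$ADMIN_DN" < "$BACKUP" > /tmp/ldapbup.filtered.ldif )
    slapadd -F /etc/ldap/slapd.d -l /tmp/ldapbup.filtered.ldif
    chown -R openldap:openldap /var/lib/ldap
    rm -f /tmp/ldapbup.filtered.ldif
    systemctl start slapd
}

# Constructed sample resembling the head of a slapcat dump (not a real dump).
sample_backup() {
    printf '%s\n' \
        'dn: dc=hillnet,dc=localnet' 'objectClass: top' 'objectClass: dcObject' 'dc: hillnet' '' \
        'dn: cn=admin,dc=hillnet,dc=localnet' 'objectClass: organizationalRole' 'cn: admin' '' \
        'dn: ou=people,dc=hillnet,dc=localnet' 'objectClass: organizationalUnit' 'ou: people'
}

# Dry run of the filter on the sample: only the ou=people entry should remain.
demo_filter() {
    sample_backup | strip_entries "$BASE_DN" "$ADMIN_DN"
}
```

Run `demo_filter` first to confirm the filter keeps exactly the entries you expect before calling `restore_ldap` as root.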


Last update: April 1, 2021