March 20th, 2011, 11:05 AM
I installed OpenLdap on my CentOS based VPS using yum. This is what was installed:
openldap-clients.x86_64 0:2.3.43-12.el5_5.3 openldap-servers.x86_64 0:2.3.43-12.el5_5.3
Dependency Installed: libtool-ltdl.x86_64 0:1.5.22-7.el5_4
Updated: openldap.x86_64 0:2.3.43-12.el5_5.3
I assume that using the BrekeleyDB is an option, but was wondering if the BrekeleyDB software was installed as a part of the OpenLdap package? If it is, where can I check to see that it is there? If not, then do I have to build OpenLdap from source to include the BerkeleyDB?
In various documents, I see slapd.conf(5). What is the significance of the (5) part?
I'm having trouble understanding all this. One reason for my trouble is the when I went to open the slapd.conf, I was expecting to see something like:
Instead, I opened the file and got:
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
# Allow LDAPv2 client connections. This is NOT the default.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
# Load dynamic backend modules:
# modulepath /usr/lib64/openldap
# Modules available in openldap-servers-overlays RPM package
# Module syncprov.la is now statically linked with slapd and there
# is no need to load it here
# moduleload accesslog.la
# moduleload auditlog.la
# moduleload denyop.la
# moduleload dyngroup.la
# moduleload dynlist.la
# moduleload lastmod.la
# moduleload pcache.la
# moduleload ppolicy.la
# moduleload refint.la
# moduleload retcode.la
# moduleload rwm.la
# moduleload smbk5pwd.la
# moduleload translucent.la
# moduleload unique.la
# moduleload valsort.la
# modules available in openldap-servers-sql RPM package:
# moduleload back_sql.la
# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by changing to
# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it. Your client software
# may balk at self-signed certificates, however.
# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
"/etc/openldap/slapd.conf" 110L, 3801C
I understand that the # is a comment and that to use something, I would remove the #. It just seems a bit confusing to me and a bit intimidating. I'm not looking for an explanation to all that advanced stuff. I'm just trying to get the basic functions working with the BerkeleyDB.
I'd appreciate any reply.
March 21st, 2011, 10:36 PM
bdb has always been the default, and I would not try to recreate the wheel if I were you.
You have the right idea -- there appears to be no database configuration in this slapd.conf. Did your disto include any other examples? Look around in that directory where slapd.conf is located.
Also, do a man slapd.conf and see if you can find anything in there.
Originally Posted by nakins
March 21st, 2011, 11:04 PM
Yes, I do have an example DB file. I'll look into that. Thank you very much for your replies.