#1
    Using BerkeleyDB?


    I installed OpenLDAP on my CentOS based VPS using yum. This is what was installed:

    openldap-clients.x86_64 0:2.3.43-12.el5_5.3 openldap-servers.x86_64 0:2.3.43-12.el5_5.3

    Dependency Installed: libtool-ltdl.x86_64 0:1.5.22-7.el5_4
    Updated: openldap.x86_64 0:2.3.43-12.el5_5.3
    Complete!

    I assume that using the BerkeleyDB is an option, but was wondering if the BerkeleyDB software was installed as a part of the OpenLDAP package? If it is, where can I check to see that it is there? If not, then do I have to build OpenLDAP from source to include the BerkeleyDB?

    In various documents, I see slapd.conf(5). What is the significance of the (5) part?


    I'm having trouble understanding all this. One reason for my trouble is that when I went to open the slapd.conf, I was expecting to see something like:

    database bdb
    suffix "dc=<MY-DOMAIN>,dc=<COM>"
    rootdn "cn=Manager,dc=<MY-DOMAIN>,dc=<COM>"
    rootpw secret
    directory /usr/local/var/openldap-data

    Instead, I opened the file and got:

    # See slapd.conf(5) for details on configuration options.
    # This file should NOT be world readable.
    #
    include /etc/openldap/schema/core.schema
    include /etc/openldap/schema/cosine.schema
    include /etc/openldap/schema/inetorgperson.schema
    include /etc/openldap/schema/nis.schema

    # Allow LDAPv2 client connections. This is NOT the default.
    allow bind_v2

    # Do not enable referrals until AFTER you have a working directory
    # service AND an understanding of referrals.
    #referral ldap://root.openldap.org

    pidfile /var/run/openldap/slapd.pid
    argsfile /var/run/openldap/slapd.args

    # Load dynamic backend modules:
    # modulepath /usr/lib64/openldap

    # Modules available in openldap-servers-overlays RPM package
    # Module syncprov.la is now statically linked with slapd and there
    # is no need to load it here
    # moduleload accesslog.la
    # moduleload auditlog.la
    # moduleload denyop.la
    # moduleload dyngroup.la
    # moduleload dynlist.la
    # moduleload lastmod.la
    # moduleload pcache.la
    # moduleload ppolicy.la
    # moduleload refint.la
    # moduleload retcode.la
    # moduleload rwm.la
    # moduleload smbk5pwd.la
    # moduleload translucent.la
    # moduleload unique.la
    # moduleload valsort.la

    # modules available in openldap-servers-sql RPM package:
    # moduleload back_sql.la

    # The next three lines allow use of TLS for encrypting connections using a
    # dummy test certificate which you can generate by changing to
    # /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
    # slapd.pem so that the ldap user or group can read it. Your client software
    # may balk at self-signed certificates, however.
    # TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
    # TLSCertificateFile /etc/pki/tls/certs/slapd.pem
    # TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem

    # Sample security restrictions
    # Require integrity protection (prevent hijacking)
    # Require 112-bit (3DES or better) encryption for updates
    # Require 63-bit encryption for simple bind
    # security ssf=1 update_ssf=112 simple_bind=64

    # Sample access control policy:
    # Root DSE: allow anyone to read it
    "/etc/openldap/slapd.conf" 110L, 3801C


    I understand that the # is a comment and that to use something, I would remove the #. It just seems a bit confusing to me and a bit intimidating. I'm not looking for an explanation to all that advanced stuff. I'm just trying to get the basic functions working with the BerkeleyDB.

    I'd appreciate any reply.
  2. #2
    bdb has always been the default, and I would not try to recreate the wheel if I were you.

    You have the right idea -- there appears to be no database configuration in this slapd.conf. Did your distro include any other examples? Look around in that directory where slapd.conf is located.

    Also, do a man slapd.conf and see if you can find anything in there.

  4. #3
    Yes, I do have an example DB file. I'll look into that. Thank you very much for your replies.
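
An added example, not code from any poster in this thread: a small Python check that reads slapd.conf text, reports which `database` backend (if any) is configured, and flags the settings visible in the file quoted above (cleartext `rootpw`, `allow bind_v2`, TLS left commented out, world-readable mode). The names `directives` and `audit`, the finding strings, and the sample text are constructed for illustration.

```python
import shlex
import stat

# Constructed sample: active lines like the stock file, plus the expected section.
SAMPLE = '''\
# This file should NOT be world readable.
include /etc/openldap/schema/core.schema
allow bind_v2
# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
database bdb
suffix "dc=<MY-DOMAIN>,dc=<COM>"
rootdn "cn=Manager,dc=<MY-DOMAIN>,dc=<COM>"
rootpw secret
directory /usr/local/var/openldap-data
'''

def directives(text):
    """Return one [keyword, arg, ...] list per active (uncommented) line."""
    logical = []
    for raw in text.splitlines():
        # A line starting with whitespace continues the previous line;
        # continuations are unwrapped before comments are dropped.
        if raw[:1] in (" ", "\t") and logical:
            logical[-1] += " " + raw.strip()
        elif raw.strip():
            logical.append(raw)
    return [shlex.split(line) for line in logical if not line.startswith("#")]

def audit(text, mode=None):
    """Return (backends, findings); mode is the file's st_mode if known."""
    rows = [[r[0].lower()] + r[1:] for r in directives(text)]
    backends = [r[1] for r in rows if r[0] == "database" and len(r) > 1]
    found = []
    if not backends:
        found.append("no database directive: nothing for slapd to serve")
    for r in rows:
        if r[0] == "rootpw" and len(r) > 1 and not r[1].startswith("{"):
            found.append("rootpw is cleartext; store a hash from slappasswd")
        if r[0] == "allow" and "bind_v2" in r[1:]:
            found.append("LDAPv2 binds are allowed")
    if not any(r[0] == "tlscertificatefile" for r in rows):
        found.append("no TLS certificate configured")
    if mode is not None and mode & stat.S_IROTH:
        found.append("file is world readable")
    return backends, found

if __name__ == "__main__":
    print(audit(SAMPLE))
```

To check a real file, pass its contents and `os.stat(path).st_mode` to `audit`.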
