
Re: how to add a new database with slapd.d?



On 26/07/2010 13:10, Zhang Weiwu wrote:
With Ubuntu 10.04, slapd is shipped by default using slapd.d
configuration instead of slapd.conf. Referring to the document [1] I
believe adding a new database should be as simple as adding a new file
in slapd.d/cn=config/

One would usually add the new configuration object via LDAP, rather than by modifying the database files. This is the point of cn=config. However, adding files may work also...

But it doesn't work for me. Behavior explained below:

I created this new database definition by copying example [2]:

# cat "/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb"
# BDB definition for example.com
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: "dc=test,dc=com"
olcDbDirectory: /var/lib/ldap
olcRootDN: "cn=Manager,dc=test,dc=com"
olcRootPW: secret
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,uid pres,eq,approx,sub
olcDbIndex: objectClass eq
olcAccess: to attrs=userPassword
   by self write
   by anonymous auth
   by dn.base="cn=Admin,dc=test,dc=com" write
   by * none
olcAccess: to *
   by self write
   by dn.base="cn=Admin,dc=test,dc=com" write
   by * read


According to my experience of using slapd.conf in the last five years,
if I restart slapd, I should see DB_CONFIG and a few other files created
in DB directory. But this is not happening this time.

The DB_CONFIG file will only be created if you have used the parameter olcDbConfig (dbconfig in slapd.conf).

The file should be named /etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif.

root@orphalese:~# ls -dlh /var/lib/ldap
drwxr-x--- 2 openldap openldap 4.0K Jun 12 10:36 /var/lib/ldap
root@orphalese:~# ls -lh /var/lib/ldap
total 0

Question: 1) Did I do anything wrong? 2) What would you further suggest I check?

List of what I have checked:


   1. Adding entry to the newly created database also doesn't work:

      # slapadd -b dc=test,dc=com < /tmp/first.ldif
      slapadd: slap_init no backend for "dc=test,dc=com"

   2. I checked syslog with LogLevel set to 255, ended up with a lot of
      details in syslog but none mentioning keyword 'hdb'.

I recommend using loglevel config to see debugging information related to configuration issues. If your file is not read, the hdb database won't appear in the output...

   3. The above experiment is re-done with hdb replaced with bdb without
      luck either.

   4. Authentication also fails:
      $ ldapsearch -x -D cn=Manager,dc=test,dc=com -w secret
      ldap_bind: Invalid credentials (49)

   5. I also checked to make sure slapd.conf doesn't exist.

   6. I also checked there is only one slapd.d directory and slapd is
      using the same slapd.d that I am editing, by the fact I changed
      LogLevel in cn=config.ldif and it has vivid effect on syslog.




[1] http://www.openldap.org/doc/admin24/slapdconf2.html
[2] The 'example' is "/etc/ldap/slapd.d/cn=config/olcDatabase=bdb"
shipped with Ubuntu:

# cat "/etc/ldap/slapd.d/cn=config/olcDatabase=bdb"
# BDB definition for example.com
dn: olcDatabase=bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: bdb
olcSuffix: "dc=example,dc=com"
olcDbDirectory: /usr/local/var/openldap-data
olcRootDN: "cn=Manager,dc=example,dc=com"
olcRootPW: secret
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,uid pres,eq,approx,sub
olcDbIndex: objectClass eq
olcAccess: to attrs=userPassword
   by self write
   by anonymous auth
   by dn.base="cn=Admin,dc=example,dc=com" write
   by * none
olcAccess: to *
   by self write
   by dn.base="cn=Admin,dc=example,dc=com" write
   by * read



--
--------------------------------------------------------------
Jonathan Clarke - jonathan@phillipoux.net
--------------------------------------------------------------
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--------------------------------------------------------------
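
An added example (not part of the original messages and not OpenLDAP's own code): a shell check for the naming problem pointed out in the reply, listing entry files under a slapd.d tree that lack the `.ldif` suffix together with the olcSuffix each one declares. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: report files in a slapd.d tree that
# lack the ".ldif" suffix, plus the olcSuffix each one declares.
# (The reply's preferred route is to add the entry over LDAP instead.)

# One line per misnamed entry file:
#   <path> suffix=<olcSuffix or -> rename-to=<path>.ldif
find_ignored_entries() {
    confdir=$1
    find "$confdir" -type f ! -name '*.ldif' | sort | while IFS= read -r f; do
        # Skip anything that is not an LDIF entry (no dn: line).
        grep -q '^dn:' "$f" || continue
        # Strip the surrounding quotes so the suffix reads like the one
        # in the slapadd "no backend for ..." error.
        suffix=$(sed -n 's/^olcSuffix:[[:space:]]*//p' "$f" | tr -d '"' | head -n 1)
        printf '%s suffix=%s rename-to=%s.ldif\n' "$f" "${suffix:--}" "$f"
    done
}

# Constructed sample tree mirroring the layout discussed in the thread.
make_sample_tree() {
    root=$1
    mkdir -p "$root/cn=config"
    printf 'dn: cn=config\nobjectClass: olcGlobal\ncn: config\n' \
        > "$root/cn=config.ldif"
    printf 'dn: olcDatabase={0}config\nobjectClass: olcDatabaseConfig\nolcDatabase: {0}config\n' \
        > "$root/cn=config/olcDatabase={0}config.ldif"
    # The database definition from the thread, saved without ".ldif".
    printf 'dn: olcDatabase={1}hdb,cn=config\nobjectClass: olcDatabaseConfig\nobjectClass: olcHdbConfig\nolcDatabase: {1}hdb\nolcSuffix: "dc=test,dc=com"\nolcDbDirectory: /var/lib/ldap\n' \
        > "$root/cn=config/olcDatabase={1}hdb"
}

demo() {
    tmp=$(mktemp -d)
    make_sample_tree "$tmp"
    # Run from inside the tree so the report shows relative paths.
    (cd "$tmp" && find_ignored_entries .)
    rm -rf "$tmp"
}
demo
```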