[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: ldapd vs. slapd

For those of you wondering, I'm running OpenBSD 5.0. openldap-server-2.4.25p0.tgz (depends on: openldap-client-2.4.25.tgz (depends on cyrus-sasl-2.1.23p7-ldap.tgz)). Typing "ldapd" gets the appropriate tcp/ip ports responding. Typing "/etc/rc.d/slapd start" does something, but doesn't give me responses on 349 or 636.

Respectfully Submitted,
R. Toby Richards
Network Administrator
Superior Court of California
In and for the County of San Luis Obispo
(805) 781-4150
From: Bill MacAllister [whm@stanford.edu]
Sent: Monday, April 16, 2012 3:31 PM
To: Richards, Toby; openldap-technical@openldap.org
Subject: Re: ldapd vs. slapd

--On Monday, April 16, 2012 03:00:48 PM -0700 "Richards, Toby" <toby.richards@slo.courts.ca.gov> wrote:

> I've been attempting to get an OpenLDAP server running all day, and I've
> been reading official documentation, tutorials, and anything else relevant
> on Google. I have some questions:

First, it would be helpful to know what version of OpenLDAP you are
attempting to use and on what OS.

> 1. What is the difference between ldapd & slapd (and commands such
>    as ldapadd & slapdadd)? Slapd doesn't seem to respond on LDAP
>    ports, but ldapd does.

The LDAP server provided with OpenLDAP is slapd.  I don't know what
you are referring to when you talk about ldapd.

The executive summary of the difference between slapadd and ldapadd is
slapadd operates directly on the database and ldapadd operates over
protocol.  Or in other words you can slapadd entries to the database
without having the slapd daemon running.  The best documentation for
these commands are the man pages that are delivered with OpenLDAP, i.e.
'man slapadd' and 'man ldapadd'.

> 2. When using commands & configuring ldap.conf, can I use an IP address
> instead of an FQDN for the host URI?


> 3. Do self-signed certificates break ldapadd?


> 4. I'm running with an SSL certificate, but no TLS. I commonly get
>    the error "Confidentiality Required." The -Z option is for
>    TLS. How do I tell ldapadd that I'm using SSL only? I tried with
>    -Hldaps://hostname:636, but then I get "ldap_sasl_bind(SIMPLE):
>    Can't connect to LDAP server" (even if I use the -x option). I
>    know that the ldap server is running because when ldapd is
>    running, I can connect with external tools such as jxplorer or
>    ldap-at (but trying to make changes to my database will crash
>    both of those utilities).

You probably should drop back and get a working ldap server first with
a minimum amount of data.  It will make the changes that you make to
support secure connections to the directory simpler to test.  It is
also useful to run the server interactively in debug mode so you can
see what is happening.  On a debian system you would use the command:

  /usr/sbin/slapd -d 1

When you are testing it makes a lot of sense to use ldapsearch as your
first client.



Bill MacAllister
Infrastructure Delivery Group, Stanford University