[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: ldapd vs. slapd

--On Monday, April 16, 2012 07:02:09 PM -0700 "Richards, Toby" <toby.richards@slo.courts.ca.gov> wrote:

For those of you wondering, I'm running OpenBSD
5.0. openldap-server-2.4.25p0.tgz (depends on:
openldap-client-2.4.25.tgz (depends on
cyrus-sasl-2.1.23p7-ldap.tgz)). Typing "ldapd" gets the appropriate
tcp/ip ports responding. Typing "/etc/rc.d/slapd start" does
something, but doesn't give me responses on 349 or 636.

If you have questions about ldapd you need to find another list.  OpenLDAP
does not include ldapd.

If you have questions about OpenLDAP then you need to get some sort of
log message that would give us a ghost of a change at responding to
you.  You will get lots of logging if you start up the slapd binary
with the '-d 1' switch.


Respectfully Submitted,
R. Toby Richards
Network Administrator
Superior Court of California
In and for the County of San Luis Obispo
(805) 781-4150
From: Bill MacAllister [whm@stanford.edu]
Sent: Monday, April 16, 2012 3:31 PM
To: Richards, Toby; openldap-technical@openldap.org
Subject: Re: ldapd vs. slapd

--On Monday, April 16, 2012 03:00:48 PM -0700 "Richards, Toby" <toby.richards@slo.courts.ca.gov> wrote:

I've been attempting to get an OpenLDAP server running all day, and I've
been reading official documentation, tutorials, and anything else relevant
on Google. I have some questions:

First, it would be helpful to know what version of OpenLDAP you are
attempting to use and on what OS.

1. What is the difference between ldapd & slapd (and commands such
   as ldapadd & slapdadd)? Slapd doesn't seem to respond on LDAP
   ports, but ldapd does.

The LDAP server provided with OpenLDAP is slapd.  I don't know what
you are referring to when you talk about ldapd.

The executive summary of the difference between slapadd and ldapadd is
slapadd operates directly on the database and ldapadd operates over
protocol.  Or in other words you can slapadd entries to the database
without having the slapd daemon running.  The best documentation for
these commands are the man pages that are delivered with OpenLDAP, i.e.
'man slapadd' and 'man ldapadd'.

2. When using commands & configuring ldap.conf, can I use an IP address
instead of an FQDN for the host URI?


3. Do self-signed certificates break ldapadd?


4. I'm running with an SSL certificate, but no TLS. I commonly get
   the error "Confidentiality Required." The -Z option is for
   TLS. How do I tell ldapadd that I'm using SSL only? I tried with
   -Hldaps://hostname:636, but then I get "ldap_sasl_bind(SIMPLE):
   Can't connect to LDAP server" (even if I use the -x option). I
   know that the ldap server is running because when ldapd is
   running, I can connect with external tools such as jxplorer or
   ldap-at (but trying to make changes to my database will crash
   both of those utilities).

You probably should drop back and get a working ldap server first with
a minimum amount of data.  It will make the changes that you make to
support secure connections to the directory simpler to test.  It is
also useful to run the server interactively in debug mode so you can
see what is happening.  On a debian system you would use the command:

  /usr/sbin/slapd -d 1

When you are testing it makes a lot of sense to use ldapsearch as your
first client.



Bill MacAllister
Infrastructure Delivery Group, Stanford University


Bill MacAllister
Infrastructure Delivery Group, Stanford University