[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Trying to switch from bdb to mdb

On Sun, 2 Nov 2014 13:40:56 +0100
Dieter Klünter <dieter@dkluenter.de> wrote:

> Am Sun, 2 Nov 2014 05:46:07 -0500
> schrieb Jerry <jerry@seibercom.net>:
> 
> > On Sat, 1 Nov 2014 22:08:38 +0100
> > Dieter Klünter <dieter@dkluenter.de> wrote:
> > 
> > > Am Sat, 1 Nov 2014 14:29:10 -0400
> > > schrieb Jerry <jerry@seibercom.net>:
> > > 
> > > > I am running OpenLDAP on a FreeBSD-10 amd 64 machine. It is
> > > > installed via the FreeBSD ports system and I compile it on my
> > > > machine.
> > > > 
> > > > I recently wanted to switch from BDB since versions greater than 6
> > > > are not acceptable to OpenLDAP. I wanted to use "mdb", but I just
> > > > cannot seem to get it configured correctly.
> > > > 
> > > > I changed the "database bdb" to "database mdb" but when I try to
> > > > start openLDAP, I get this error:
> > > > 
> > > > Starting slapd
> > > > Unrecognized database type (mdb)
> > > > Warning: failed to start slapd
> > > > 
> > > > I removed the existing database, so it should be starting up with
> > > > a clean environment, but the problem continues.
> > > > 
> > > > This is probably a problem specific to FreeBSD. If any user of
> > > > FreeBSD has this working, I would love to see how they configured
> > > > it. Feel free to contact me off list if it is more convenient.
> > > 
> > > Probably OpenLDAP has not been built with static back-mdb but with
> > > back-mdb module. You may check with ./slapd -VVV, this will show all
> > > built-in modules.
> > 
> > This is the output:
> > 
> > @(#) $OpenLDAP: slapd 2.4.40 (Oct 28 2014 06:27:00) $
> >         gerard@scorpio.seibercom.net:/usr/ports/net/openldap24-server/work/openldap-2.4.40/servers/slapd
> > 
> > Included static overlays:
> >     syncprov
> > Included static backends:
> >     config
> >     ldif
> >     relay
> > 
> > Remembering that this is a FreeBSD-10 system, what should I do? This
> > is the configuration of the port:
> > 
> > /usr/ports/net/openldap24-server $ make showconfig 
> > ===> The following configuration options are available for
> > openldap-server-2.4.40: ACCESSLOG=off: With In-Directory Access
> > Logging overlay ACI=off: Per-object ACI (experimental)
> >      AUDITLOG=off: With Audit Logging overlay
> >      BDB=on: With BerkeleyDB backend (DEPRECATED)
> >      COLLECT=off: With Collect overy Services overlay
> >      CONSTRAINT=off: With Attribute Constraint overlay
> >      DDS=off: With Dynamic Directory Services overlay
> >      DEREF=off: With Dereference overlay
> >      DNSSRV=off: With Dnssrv backend
> >      DYNACL=off: Run-time loadable ACL (experimental)
> >      DYNAMIC_BACKENDS=on: Build dynamic backends
> >      DYNGROUP=off: With Dynamic Group overlay
> >      DYNLIST=off: With Dynamic List overlay
> >      FETCH=off: Enable fetch(3) support
> >      GSSAPI=off: With GSSAPI support (implies SASL support)
> >      MDB=on: With Memory-Mapped DB backend
>        ^^^^^^^^^
> 
> This is the important part, back-mdb has been built as module.
> Include back-mdb into the module load part of your slapd configuraton.

Okay, this is what my slapd.conf file looks like now. It is the one installed
by FreeBSD when openldap is installed via its port's system. I removed
personal information.

# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/nis.schema



# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

# Load dynamic backend modules:
modulepath      /usr/local/libexec/openldap
moduleload      back_bdb
# moduleload    back_hdb
# moduleload    back_ldap

# Sample security restrictions
#       Require integrity protection (prevent hijacking)
#       Require 112-bit (3DES or better) encryption for updates
#       Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#       Root DSE: allow anyone to read it
#       Subschema (sub)entry DSE: allow anyone to read it
#       Other DSEs:
#               Allow self write access
#               Allow authenticated users read access
#               Allow anonymous users to authenticate
#       Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#       by self write
#       by users read
#       by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# BDB database definitions
#######################################################################

database        bdb
#database       mdb
suffix          "REMOVED"
rootdn          "REMOVED"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          "REMOVED"
# The database directory MUST exist prior to running slapd AND 
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /var/db/openldap-data
#maxsize   1073741824
# Indices to maintain
index   objectClass     eq
index   cn,sn,mail,o eq,sub
index   givenName,displayName eq,sub
index   ou eq,sub

What change should I make? I apologize, but I am new at this and could really
use some help.

-- 
Jerry