Home / server / Questions / 208616
In Process
Xiè Jìléi
Asked: 2010-12-03 16:33:00 +0800 CST

How to configure OpenLDAP 2.4 with bdb backend?

  • 772

It seems like OpenLDAP will prefer to using slapd-config(5) instead of slapd.conf(5). But I don't know how to start with slapd-config(5) because I don't know how to set a root password for it.

So I'm back using slapd.conf(5), with the following /etc/ldap/slapd.conf:

database bdb
suffix "dc=mycompany,dc=net"
rootdn "cn=root,dc=mycompany,dc=net"
rootpw secret
directory /var/lib/ldap

And alternate the /etc/default/slapd to use /etc/ldap/slapd.conf instead of /etc/ldap/slapd.d. However, it can't start then: 

sudo /etc/init.d/slapd restart
Stopping OpenLDAP: slapd.
Starting OpenLDAP: slapd - failed: 
Unrecognized database type (bdb)

But, I found their is a bdb backend: 

$ ls -al /usr/lib/ldap/*bdb*
lrwxrwxrwx 1 root     21 2010-12-02 18:50 back_bdb-2.4.so.2 -> back_bdb-2.4.so.2.5.6
-rw-r--r-- 1 root 182560 2010-11-20 02:29 back_bdb-2.4.so.2.5.6
-rw-r--r-- 1 root   1106 2010-11-20 02:28 back_bdb.la
lrwxrwxrwx 1 root     21 2010-12-02 18:50 back_bdb.so -> back_bdb-2.4.so.2.5.6
openldap configuration

2 Answers

  1. It looks like you haven't loaded this module. Uncomment/insert the belows line to slapd.conf:

    modulepath /usr/lib/ldap
moduleload back_bdb.la
    • 6

  2. I recently helped my coworker do the same thing, and this is what i found to be the quick and easy solution (on a clean install) using the new configuration backend. This was on a RHEL server, but it should be similar on whatever you are running.

    Stop slapd and check what your configuration db admin dn + password is

    [root@ldap openldap] cd /etc/openldap/slapd.d/cn\=config
[root@ldap cn=config]# egrep "olcRootDN|olcRootPW" "olcDatabase={0}config.ldif"
olcRootDN: cn=admin,cn=config
olcRootPW: secret

    If olcRootPW is not present in the file add it, and start slapd again. You'll need some ldif to create your new bdb database

    [root@ldap ldap]# cat bdb.example.com.ldif
# Load modules for database type
dn: cn=module,cn=config
objectclass: olcModuleList
cn: module
olcModuleLoad: back_bdb.la
# Create directory database
dn: olcDatabase=bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: bdb
olcSuffix: dc=example,dc=com
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=example,dc=com
olcRootPW: admin
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq
# Allow users to change their own password
# Allow anonymous to authenciate against the password
# Allow admin to change anyone's password
olcAccess: to attrs=userPassword
    by self write
    by anonymous auth
    by dn.base="cn=admin,dc=example,dc=com" write
    by * none
# Allow users to change their own record
# Allow anyone to read directory
olcAccess: to *
    by self write
    by dn.base="cn=admin,dc=example,dc=com" write
    by * read

    And just insert that with ldapadd using your admin dn + password

    [root@ldap ldap]# ldapadd -h localhost -D "cn=admin,cn=config" -W -f bdb.example.com.ldif
Enter LDAP Password:
adding new entry "cn=module,cn=config"
adding new entry "olcDatabase=bdb,cn=config"

    You can change configuration in the slapd.d files just like you would do with slapd.conf, even though it is not recomended.

    • 3