
OpenLDAP

Installing and Configuring OpenLDAP on a Unix/Linux System

In general, OpenLDAP should be available for your system as an installable package within your distribution package repository. If you cannot find a package for your system, you may need to build OpenLDAP from source. If this is the case, we highly recommend that you read the installation guide at:
http://www.openldap.org/doc/admin24/install.html

Once OpenLDAP has been installed on your system, you will need to edit the configuration to set up a directory. In previous releases of OpenLDAP, the configuration was stored statically in a file named 'slapd.conf' (usually in /etc/). Unfortunately, this meant that the directory server had to be restarted for any change made to the configuration. The current version of OpenLDAP (2.4.11) stores the configuration in a backend database instead, which allows you to update the configuration while the LDAP server is running. The current version remains backward compatible and can be configured to run from the old-style slapd.conf file.

If you need to create the old-style configuration file, either because you are installing an earlier version of OpenLDAP or because you are struggling with the newer dynamic configuration, it should look something like this:
# This is the main slapd configuration file. See slapd.conf for more
# info on the configuration options.

#######################################################################
# Global Directives:

# Features to permit
# allow bind_v2

# Schema and objectClass definitions
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile         /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile        /var/run/slapd/slapd.args

# Read slapd.conf(5) for possible values
loglevel        none

# Where the dynamically loaded modules are stored
modulepath    /usr/lib/ldap
moduleload    back_hdb

# The maximum number of entries that are returned for a search operation
sizelimit 500

# The tool-threads parameter sets the number of CPUs used for indexing.
tool-threads 1

#######################################################################
# Specific Backend Directives for hdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend        hdb

# Specific Directives for database #1, of type hdb:
# Database specific directives apply to this database until another
# 'database' directive occurs
database        hdb

# The base of your directory in database #1
suffix          "dc=mycompany,dc=com"

# rootdn directive for specifying a superuser on the database. This is needed
# for syncrepl.
rootdn          "cn=admin,dc=mycompany,dc=com"

# Where the database files are physically stored for database #1
directory       "/var/lib/ldap"

# The dbconfig settings are used to generate a DB_CONFIG file the first
# time slapd starts.  They do NOT override an existing DB_CONFIG file.
# You should therefore change these settings in DB_CONFIG directly, or
# remove DB_CONFIG and restart slapd for changes to take effect.

# Cache size (currently set at 2MB)
dbconfig set_cachesize 0 2097152 0

# Number of objects that can be locked at the same time.
dbconfig set_lk_max_objects 1500
# Number of locks (both requested and granted)
dbconfig set_lk_max_locks 1500
# Number of lockers
dbconfig set_lk_max_lockers 1500

# Indexing options for database #1
index           objectClass eq

# Save the time that the entry gets modified, for database #1
lastmod         on

# Checkpoint the BerkeleyDB database periodically in case of system
# failure and to speed slapd shutdown.
checkpoint      512 30

access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=mycompany,dc=com" write
        by anonymous auth
        by self write
        by * none

# slapd applies the first 'access to' clause whose target matches, so the
# rootDSE rule must come before the catch-all 'access to *' or it is never used.
access to dn.base="" by * read

access to *
        by dn="cn=admin,dc=mycompany,dc=com" write
        by * read
Note that you will need to substitute dc=mycompany,dc=com in the above file, with whatever you want your root DN to be.
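Two mistakes are easy to introduce when hand-editing the access section of a slapd.conf: 'by dn=' subjects that lie outside the database suffix (they can never match a real entry), and a catch-all 'access to *' placed before other clauses (slapd uses the first clause whose target matches, so everything after it is dead). The following lint script is an added example, not part of the original page or of OpenLDAP itself; it parses a constructed slapd.conf fragment containing both mistakes and reports them.

```python
import re

# Constructed input for this example; it is not a real deployment's file.
BROKEN_CONF = """\
suffix          "dc=mycompany,dc=org"
rootdn          "cn=admin,dc=mycompany,dc=org"
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=mycompany,dc=com" write
        by anonymous auth
        by self write
        by * none
access to *
        by dn="cn=admin,dc=mycompany,dc=com" write
        by * read
access to dn.base="" by * read
"""

def logical_lines(text):
    """Join slapd.conf continuation lines (a line starting with whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def lint_acls(conf_text):
    """Return findings for the access directives; an empty list means clean."""
    suffix, clauses = None, []
    for line in logical_lines(conf_text):
        m = re.match(r'suffix\s+"?([^"]+)"?$', line)
        if m:
            suffix = m.group(1).lower()
        elif line.startswith("access to "):
            parts = re.split(r"\s+by\s+", line[len("access to "):])
            clauses.append((parts[0].strip(), parts[1:]))
    findings = []
    for i, (what, bys) in enumerate(clauses):
        # "*" matches every entry, so any clause after it is unreachable
        if what == "*" and i < len(clauses) - 1:
            findings.append(f"clause {i + 1}: 'access to *' makes {len(clauses) - i - 1} later clause(s) unreachable")
        for by in bys:
            dn = re.match(r'dn(?:\.\w+)?="([^"]*)"', by)
            d = dn.group(1).lower() if dn else None
            if d is not None and suffix and d != suffix and not d.endswith("," + suffix):
                findings.append(f"clause {i + 1}: subject {dn.group(1)} is outside suffix {suffix}")
    return findings
```

Run lint_acls() over your own file before starting slapd; a clean configuration returns an empty list.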

The new approach to the configuration for OpenLDAP is, in some ways, much easier in that you can now use your standard LDAP tools or an LDAP browser to make changes to your configuration. Although distribution-specific, an excellent set of instructions can be found at:

https://help.ubuntu.com/8.10/serverguide/C/openldap-server.html
About Symlabs
 
Symlabs is the performance leader for virtual directory and identity management solutions. Benchmarks show Symlabs Virtual Directory Server, LDAP Proxy and Federated Identity Suite are the fastest and most powerful products in the industry for managing and unifying identity data. Global giants like Sony, IBM, Vodafone, Nokia and United Nations already depend on Symlabs to add flexibility, security, and reliability to their infrastructure. Symlabs also offers annual support, training and professional services to our clients to help them develop, integrate, and maintain solutions.