LDAP

Dec 15, 2013
2 min read
Jun 30, 2023 16:33 EEST

Configure abook

Download abook.ldif .

execute:

ldapadd -x -W -D 'cn=Manager,dc=fechner,dc=net' -f abook.ldif

to create the initial tree.

Search

ldapsearch -LLL -x -D "cn=Manager,dc=fechner,dc=net" -W -u

Upgrade

First make a backup of your data:

slapcat >backup-openldap-20060709.ldif
tar cvfj backup_openldap.tar.bz2 /var/db/openldap-* /usr/local/etc/openldap

Upgrade the server and the client to the new version. Now delete the old database:

find -type f /var/db/openldap-* -delete -print

Restore the old database:

slapadd -l backup-openldap-20060709.ldif

Start openldap with:

/usr/local/etc/rc.d/slapd start

Add Index

If you get the following warning message it’s recommended that you add an index to your ldap database:

Sep 18 10:28:29 server slapd[[40569]]: <= bdb_equality_candidates: (givenName) index_param failed (18)

To do this edit the file /usr/local/etc/openldap/slapd.conf and add:

index   givenName pres,sub,eq

Now stop the ldap server, create the index and start the ldap server:

/usr/local/etc/rc.d/slapd stop
slapindex
/usr/local/etc/rc.d/slapd start

Tune the LDAP

If you get the warning:

Sep 18 10:36:10 server slapd[[43302]]: bdb_db_open: Warning - No DB_CONFIG file found in directory 
/var/db/openldap-data: (2) Expect poor performance for suffix dc=fechner,dc=net.

it is necessary to tune your database. To do this create the file DB_CONFIG in /var/db/openldap-data with:

  -  one 4 MB cache
set_cachesize 0 4194304 1

  -  Data Directory
  - set_data_dir db

  -  Transaction Log settings
set_lg_regionmax 262144
set_lg_bsize 2097152
  - set_lg_dir logs

Adapt the cache size to your needs. You can check the values with:

db_stat-4.2 -m

Creating SSL Certificate

See here

Create certificate if not allready exist:

openssl req -new -x509 -nodes -out slapd.pem -keyout lsapd.key -days 365

Activate in /etc/rc.conf with:

ldaps://0.0.0.0/

TLSCertificateFile /usr/share/ssl/certs/slapd.pem
TLSCertificateKeyFile /usr/share/ssl/certs/slapd.key
TLSCACertificateFile /usr/share/ssl/certs/slapd.pem

Check if all is ok:

openssl s_client -connect localhost:636 -showcerts

Recover

cd /var/db/openldap-data
db_recover-4.6
/usr/local/etc/rc.d/slapd restart

Related Posts