LDAP
Configure abook
Download abook.ldif and execute
ldapadd -x -W -D 'cn=Manager,dc=fechner,dc=net' -f abook.ldif
to create the initial tree (-x selects a simple bind, -D binds as the rootdn from slapd.conf, -W prompts for the rootpw).
Search
ldapsearch -LLL -x -D "cn=Manager,dc=fechner,dc=net" -W -u
The search base is taken from BASE in ldap.conf; if none is set there, add -b 'dc=fechner,dc=net'. -LLL prints plain LDIF without comments and version line, -u adds the user-friendly form of each DN.
Upgrade
First stop slapd so the dump is consistent, then make a backup of your data:
/usr/local/etc/rc.d/slapd stop
slapcat >backup-openldap-20060709.ldif
tar cvfj backup_openldap.tar.bz2 /var/db/openldap-* /usr/local/etc/openldap
Check that the LDIF file is not empty before you continue. Upgrade the server and the client to the new version. Now delete the old database files (find needs the paths before the expression):
find /var/db/openldap-* -type f -print -delete
Restore the old database from the dump:
slapadd -l backup-openldap-20060709.ldif
slapadd run as root leaves the new files root-owned; if slapd runs as another user (ldap:ldap with the FreeBSD rc script), chown /var/db/openldap-data back to that user, or slapd will not be able to open its database. Start openldap with:
/usr/local/etc/rc.d/slapd start
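The backup, delete and restore steps above as one script, added here as an illustration and not taken from the original page: it runs slapcat with slapd stopped, refuses to delete the old database unless the dump looks complete, and fixes the ownership slapadd leaves behind. The paths are the FreeBSD defaults used on this page; the ldap:ldap owner, the --run switch and the function names are assumptions of the example. Without --run it only exercises the dump check on a constructed two-entry LDIF.

```shell
#!/bin/sh
# Added example (not from the original page): the upgrade procedure as a
# script that refuses to delete the old database unless the slapcat dump
# looks usable. Paths are the FreeBSD defaults used on this page; the
# ldap:ldap owner is the FreeBSD rc script default (slapd_owner).
set -eu

SUFFIX="dc=fechner,dc=net"
DBDIR="/var/db/openldap-data"
RC="/usr/local/etc/rc.d/slapd"

# verify_ldif_backup FILE SUFFIX
# Returns 0 only if FILE is non-empty, its first entry is the suffix
# entry, and it ends with the blank line slapcat writes after every
# entry (a dump cut short by a full disk or a kill ends mid-entry).
verify_ldif_backup() {
    f=$1
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z' | tr -d ' ')
    [ -s "$f" ] || { echo "backup $f is missing or empty" >&2; return 1; }
    n=$(grep -c '^dn:' "$f" || true)
    [ "$n" -ge 1 ] || { echo "no entries in $f" >&2; return 1; }
    first=$(grep -m1 '^dn:' "$f" | sed 's/^dn:[[:space:]]*//' | tr 'A-Z' 'a-z' | tr -d ' ')
    [ "$first" = "$want" ] || { echo "first entry '$first' is not the suffix $want" >&2; return 1; }
    [ -z "$(tail -n1 "$f")" ] || { echo "$f does not end with a blank line: truncated?" >&2; return 1; }
    echo "$f: $n entries under $want"
}

# The procedure itself; only run with --run, as root, on the LDAP server.
do_upgrade() {
    stamp=$(date +%Y%m%d)
    dump="backup-openldap-$stamp.ldif"
    "$RC" stop                                   # quiesce the database first
    slapcat -l "$dump"
    verify_ldif_backup "$dump" "$SUFFIX"          # abort here if the dump is bad
    tar cvfj "backup_openldap-$stamp.tar.bz2" /var/db/openldap-* /usr/local/etc/openldap
    printf 'Upgrade openldap-server and openldap-client now, then press Enter: '
    read _
    find "$DBDIR" -type f -print -delete
    slapadd -l "$dump"
    chown -R ldap:ldap "$DBDIR"                  # slapadd ran as root; slapd does not
    "$RC" start
}

if [ "${1:-}" = "--run" ]; then
    do_upgrade
else
    # Dry run on a constructed two-entry dump, so the check can be tried anywhere.
    demo=$(mktemp)
    printf 'dn: dc=fechner,dc=net\nobjectClass: dcObject\nobjectClass: organization\ndc: fechner\no: Fechner\n\ndn: cn=Manager,dc=fechner,dc=net\nobjectClass: organizationalRole\ncn: Manager\n\n' >"$demo"
    verify_ldif_backup "$demo" "$SUFFIX"
    rm -f "$demo"
fi
```

The check is deliberately cheap: an empty or truncated dump is the one failure that turns the "delete the old database" step into data loss, and it is detectable before that step runs.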
Add Index
If slapd logs the following warning, searches on that attribute cannot use an index and fall back to scanning the whole database; add an index for it:
Sep 18 10:28:29 server slapd[40569]: <= bdb_equality_candidates: (givenName) index_param failed (18)
To do this edit the file /usr/local/etc/openldap/slapd.conf and add:
index givenName pres,sub,eq
Now stop the ldap server, build the index and start the ldap server again (run slapindex as the user slapd runs as, or chown the new index files to that user afterwards):
/usr/local/etc/rc.d/slapd stop
slapindex
/usr/local/etc/rc.d/slapd start
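To see which attributes are missing indexes without reading the log by hand, the following added example (not part of the original page) extracts the attribute and the failing candidate function from such warnings and prints the slapd.conf index lines to add, leaving out attributes slapd.conf already indexes. The log lines and the slapd.conf snippet used for the check are constructed; the function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the original page): turn the "index_param
# failed" warnings slapd logs into the index lines to add to slapd.conf,
# skipping attributes that are already indexed. The log lines below are
# constructed in the format shown above; they are not from a real server.
set -eu

SAMPLE_LOG='Sep 18 10:28:29 server slapd[40569]: <= bdb_equality_candidates: (givenName) index_param failed (18)
Sep 18 10:28:29 server slapd[40569]: <= bdb_substring_candidates: (sn) index_param failed (18)
Sep 18 10:28:30 server slapd[40569]: <= bdb_equality_candidates: (givenName) index_param failed (18)
Sep 18 10:28:31 server slapd[40569]: <= bdb_equality_candidates: (mail) index_param failed (18)
Sep 18 10:28:31 server slapd[40569]: conn=12 op=3 SRCH base="dc=fechner,dc=net" scope=2 filter="(givenName=fr*)"'

# suggest_indexes < logfile
# One "index <attr> <types>" line per complaining attribute. The index
# type follows the back-bdb candidate function that failed: equality and
# inequality need eq, substring needs sub, approx needs approx; pres is
# always listed because presence filters are common and cheap to index.
suggest_indexes() {
    LC_ALL=C sed -n 's/.*bdb_\([a-z]*\)_candidates: (\([^)]*\)) index_param failed.*/\2 \1/p' |
    LC_ALL=C sort -u |
    awk '
        function add(a, s) { seen[a] = 1; if (s != "" && index(t[a], s) == 0) t[a] = t[a] "," s }
        $2 == "equality" || $2 == "inequality" { add($1, "eq") }
        $2 == "substring"                      { add($1, "sub") }
        $2 == "approx"                         { add($1, "approx") }
        $2 == "presence"                       { add($1, "") }
        END { for (a in seen) printf "index %s pres%s\n", a, t[a] }
    ' | LC_ALL=C sort
}

# filter_indexed SLAPD_CONF < suggestions
# Drops suggestions for attributes that slapd.conf already indexes
# ("index a,b eq" lists several attributes); names are case-insensitive.
filter_indexed() {
    awk -v conf="$1" '
        BEGIN {
            while ((getline line < conf) > 0)
                if (line ~ /^[ \t]*index[ \t]/) {
                    split(line, f)
                    n = split(f[2], attrs, ",")
                    for (i = 1; i <= n; i++) have[tolower(attrs[i])] = 1
                }
        }
        !(tolower($2) in have)
    '
}

# On a live server:
#   suggest_indexes < /var/log/messages | filter_indexed /usr/local/etc/openldap/slapd.conf
printf '%s\n' "$SAMPLE_LOG" | suggest_indexes
```

Every attribute the script prints still needs slapindex run with slapd stopped, as above; adding the index line alone does not build the index for existing entries.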
Tune the LDAP
If you get the warning:
Sep 18 10:36:10 server slapd[43302]: bdb_db_open: Warning - No DB_CONFIG file found in directory /var/db/openldap-data: (2) Expect poor performance for suffix dc=fechner,dc=net.
it is necessary to tune your database. To do this create the file DB_CONFIG in /var/db/openldap-data with the following content (lines starting with # are comments; the two commented-out directives are optional):
# one 4 MB cache (gigabytes bytes number-of-segments)
set_cachesize 0 4194304 1
# Data Directory
# set_data_dir db
# Transaction Log settings
set_lg_regionmax 262144
set_lg_bsize 2097152
# set_lg_dir logs
Adapt the cache size to your needs; it should be large enough to hold the working set of the database. You can check the values with the db_stat of the Berkeley DB version slapd is linked against, run in /var/db/openldap-data (or with -h /var/db/openldap-data):
db_stat-4.2 -m
Creating SSL Certificate
Create the certificate and key if they do not already exist (the command prompts for the subject; use the server's FQDN as CN, since that is what clients check):
openssl req -new -x509 -nodes -out slapd.pem -keyout slapd.key -days 365
Make the key readable only by the user slapd runs as. Activate ldaps in /etc/rc.conf by adding ldaps://0.0.0.0/ to the listener URLs in slapd_flags (the -h option), and point slapd.conf at the files:
TLSCertificateFile /usr/share/ssl/certs/slapd.pem
TLSCertificateKeyFile /usr/share/ssl/certs/slapd.key
TLSCACertificateFile /usr/share/ssl/certs/slapd.pem
With a self-signed certificate the CA file is the certificate itself; clients need the same file as TLS_CACERT in their ldap.conf, or they will reject the connection. Check if all is ok:
openssl s_client -connect localhost:636 -showcerts
The output ends with "Verify return code: 0 (ok)" when the certificate is passed with -CAfile slapd.pem; without it a self-signed certificate shows return code 18 (self signed certificate), which is expected.
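The certificate step above with the checks a practitioner would want, as an added example that is not from the original page: the server's FQDN goes into CN and subjectAltName, the key is created with mode 0600, and the pair is verified against what slapd.conf expects before slapd is restarted. The directory, the name ldap.fechner.net, the 30-day expiry margin and the function names are assumptions of this example; the check function can also be run against an existing slapd.pem/slapd.key.

```shell
#!/bin/sh
# Added example (not from the original page): create the self-signed
# slapd certificate with the server name in CN and subjectAltName and a
# private key nobody but the owner can read, then check the pair before
# pointing slapd.conf at it. The directory, the name ldap.fechner.net and
# the 30-day expiry margin are assumptions; adjust them.
set -eu

# make_slapd_cert DIR FQDN DAYS
make_slapd_cert() {
    dir=$1; fqdn=$2; days=$3
    mkdir -p "$dir"
    # Clients match the hostname against subjectAltName; CN alone is legacy.
    cat >"$dir/slapd.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $fqdn
[v3]
subjectAltName = DNS:$fqdn
extendedKeyUsage = serverAuth
EOF
    openssl req -new -x509 -nodes -newkey rsa:2048 -sha256 -days "$days" \
        -config "$dir/slapd.cnf" -keyout "$dir/slapd.key" -out "$dir/slapd.pem" 2>/dev/null
    chmod 600 "$dir/slapd.key"   # the private key must not be world-readable
    chmod 644 "$dir/slapd.pem"
}

# check_slapd_cert CERT KEY FQDN
# 0 only if the key is mode 0600, the key belongs to the certificate, the
# certificate verifies against itself (which is what TLSCACertificateFile
# pointing at slapd.pem relies on), the name matches, and it is valid for
# at least another 30 days.
check_slapd_cert() {
    cert=$1; key=$2; fqdn=$3; rc=0
    [ "$(ls -ld "$key" | cut -c1-10)" = "-rw-------" ] \
        || { echo "$key: mode is not 0600" >&2; rc=1; }
    [ "$(openssl x509 -in "$cert" -noout -pubkey)" = "$(openssl pkey -in "$key" -pubout)" ] \
        || { echo "$key does not belong to $cert" >&2; rc=1; }
    openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1 \
        || { echo "$cert does not verify against itself" >&2; rc=1; }
    openssl x509 -in "$cert" -noout -checkhost "$fqdn" | grep -q ' does match ' \
        || { echo "$cert is not issued for $fqdn" >&2; rc=1; }
    openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null \
        || { echo "$cert expires within 30 days" >&2; rc=1; }
    return $rc
}

# Usage: sh mkcert.sh /usr/share/ssl/certs ldap.fechner.net 365
# then chown the key to the user slapd runs as (ldap on FreeBSD).
if [ $# -ge 2 ]; then
    make_slapd_cert "$1" "$2" "${3:-365}"
    if check_slapd_cert "$1/slapd.pem" "$1/slapd.key" "$2"; then
        echo "$1/slapd.pem and $1/slapd.key are ready for slapd.conf"
    fi
fi
```

Each check corresponds to a way the s_client test above can fail or, worse, succeed while clients still refuse the server: a readable key is a credential leak rather than a TLS error, a key that does not match the certificate makes slapd fail to start, a name mismatch is rejected by clients that verify, and an expiring certificate is the usual cause of an outage a year later.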
Recover
If slapd will not start because the Berkeley DB environment is inconsistent (for example after a crash or power loss), run the recovery with slapd stopped, using the db_recover of the version slapd is linked against, as the user slapd runs as (or chown the directory afterwards):
/usr/local/etc/rc.d/slapd stop
cd /var/db/openldap-data
db_recover-4.6
/usr/local/etc/rc.d/slapd start