How to configure OpenLDAP 2.4 with bdb backend?

Solution 1

It looks like you haven't loaded this module. Uncomment/insert the lines below in slapd.conf:

modulepath /usr/lib/ldap
moduleload back_bdb.la

Solution 2

I recently helped my coworker do the same thing, and this is what I found to be the quick and easy solution (on a clean install) using the new configuration backend. This was on a RHEL server, but it should be similar on whatever you are running.

Stop slapd and check what your configuration db admin dn + password is:

[root@ldap openldap]# cd /etc/openldap/slapd.d/cn\=config
[root@ldap cn=config]# egrep "olcRootDN|olcRootPW" "olcDatabase={0}config.ldif"
olcRootDN: cn=admin,cn=config
olcRootPW: secret

If olcRootPW is not present in the file, add it, and start slapd again. You'll need some ldif to create your new bdb database:

[root@ldap ldap]# cat bdb.example.com.ldif
# Load modules for database type
dn: cn=module,cn=config
objectclass: olcModuleList
cn: module
olcModuleLoad: back_bdb.la

# Create directory database
dn: olcDatabase=bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: bdb
olcSuffix: dc=example,dc=com
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=example,dc=com
olcRootPW: admin
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq
# Allow users to change their own password
# Allow anonymous to authenticate against the password
# Allow admin to change anyone's password
olcAccess: to attrs=userPassword
    by self write
    by anonymous auth
    by dn.base="cn=admin,dc=example,dc=com" write
    by * none
# Allow users to change their own record
# Allow anyone to read directory
olcAccess: to *
    by self write
    by dn.base="cn=admin,dc=example,dc=com" write
    by * read

And just insert that with ldapadd using your admin dn + password:

[root@ldap ldap]# ldapadd -h localhost -D "cn=admin,cn=config" -W -f bdb.example.com.ldif
Enter LDAP Password:
adding new entry "cn=module,cn=config"
adding new entry "olcDatabase=bdb,cn=config"

You can change configuration in the slapd.d files just like you would do with slapd.conf, even though it is not recommended.
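
Both olcRootPW values shown in Solution 2 are stored in cleartext; slapd also accepts hashed values carrying a scheme prefix such as {SSHA}, as produced by slappasswd. The following is an added example, not part of the original answer, that lists the entries in an LDIF file whose olcRootPW has no hash scheme. The function name, the sample DNs and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original answer.
# Prints the DN of every entry in an LDIF file whose olcRootPW is cleartext.
find_cleartext_rootpw() {
    # Step 1: unfold LDIF continuation lines (a leading space continues
    # the previous line) so that each attribute sits on one line.
    awk '
        /^ / { buf = buf substr($0, 2); next }
             { if (buf != "") print buf; buf = $0 }
        END  { if (buf != "") print buf }
    ' "$1" |
    # Step 2: remember the current dn and emit dn, encoding and value
    # (tab-separated) for each olcRootPW attribute.
    awk '
        /^dn: /         { dn = substr($0, 5); next }
        /^olcRootPW:: / { print dn "\tb64\t" substr($0, 13); next }
        /^olcRootPW: /  { print dn "\traw\t" substr($0, 12) }
    ' |
    # Step 3: decode base64 values ("attr:: value") and classify.
    while IFS="$(printf '\t')" read -r dn enc val; do
        if [ "$enc" = b64 ]; then
            val=$(printf '%s' "$val" | base64 -d)
        fi
        case $val in
            "{CLEARTEXT}"*) printf '%s\n' "$dn" ;;  # explicit cleartext scheme
            "{"*"}"*)       ;;                      # {SSHA}, {CRYPT}, ...: hashed
            *)              printf '%s\n' "$dn" ;;  # no scheme prefix: cleartext
        esac
    done
}

# Constructed sample input (DNs and values are made up for illustration;
# the base64 value decodes to the placeholder string "{SSHA}example").
sample=$(mktemp)
cat > "$sample" <<'EOF'
dn: olcDatabase={0}config,cn=config
olcRootDN: cn=admin,cn=config
olcRootPW: secret

dn: olcDatabase={1}bdb,cn=config
olcRootDN: cn=admin,dc=example,dc=com
olcRootPW:: e1NTSEF9ZXhh
 bXBsZQ==
EOF
find_cleartext_rootpw "$sample"   # prints: olcDatabase={0}config,cn=config
```

Run it against the files under slapd.d or against an LDIF before loading it with ldapadd; any DN it prints has a root password that anyone with read access to the file can use directly.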


Author: Xiè Jìléi

Updated on September 17, 2022

Comments

  • Xiè Jìléi over 1 year

    It seems like OpenLDAP will prefer using slapd-config(5) instead of slapd.conf(5). But I don't know how to start with slapd-config(5) because I don't know how to set a root password for it.

    So I'm back using slapd.conf(5), with the following /etc/ldap/slapd.conf:

    database bdb
    suffix "dc=mycompany,dc=net"
    rootdn "cn=root,dc=mycompany,dc=net"
    rootpw secret
    directory /var/lib/ldap
    

    And alter /etc/default/slapd to use /etc/ldap/slapd.conf instead of /etc/ldap/slapd.d. However, it can't start then:

    sudo /etc/init.d/slapd restart
    Stopping OpenLDAP: slapd.
    Starting OpenLDAP: slapd - failed: 
    Unrecognized database type (bdb)
    

    But I found there is a bdb backend:

    $ ls -al /usr/lib/ldap/*bdb*
    lrwxrwxrwx 1 root     21 2010-12-02 18:50 back_bdb-2.4.so.2 -> back_bdb-2.4.so.2.5.6
    -rw-r--r-- 1 root 182560 2010-11-20 02:29 back_bdb-2.4.so.2.5.6
    -rw-r--r-- 1 root   1106 2010-11-20 02:28 back_bdb.la
    lrwxrwxrwx 1 root     21 2010-12-02 18:50 back_bdb.so -> back_bdb-2.4.so.2.5.6
    
  • jeremiah over 7 years
    This helped me. I needed to add a DB_CONFIG file to /var/lib/ldap/ as well.