20070901 second openldap directory on the same server - plembo/onemoretech GitHub Wiki

title: second openldap directory on the same server link: https://onemoretech.wordpress.com/2007/09/01/second-openldap-directory-on-the-same-server/ author: lembobro description: post_id: 649 created: 2007/09/01 17:19:00 created_gmt: 2007/09/01 17:19:00 comment_status: open post_name: second-openldap-directory-on-the-same-server status: publish post_type: post

second openldap directory on the same server

If you don’t need a second, distinct slapd process (e.g. no need for the directory to run on a different port, listen on a different interface, or use a separate logfile), this is actually pretty easy. All you have to do is add another “database” line and define a different suffix than any of the database definitions that came before.

So, if your first database was defined as:

```
database  bdb
suffix    "dc=example,dc=com"
rootdn    "cn=Manager,dc=example,dc=com"
# rootpw also accepts a hashed value generated with slappasswd
rootpw    secret
directory /var/lib/ldap
```

… with whatever indexing and other directives you’ve got, the next database would be defined as:

```
database  bdb
suffix    "dc=sample,dc=org"
rootdn    "cn=Manager,dc=sample,dc=org"
rootpw    secret
directory /var/lib/ldap2
```

That’s all there is to it. You’ll connect to this new db using the same port as your other db, but with a different context. So instead of

```
ldapsearch -x -LLL -b "dc=example,dc=com" -s sub "objectclass=*"
```

you’d use

```
ldapsearch -x -LLL -b "dc=sample,dc=org" -s sub "objectclass=*"
```

Keep in mind that when initializing the new db, you need to specify its context as one of the parameters for slapadd:

```
slapadd -f /etc/openldap/slapd.conf -b "dc=sample,dc=org" -l sample.ldif
```

Your new db files will get created in /var/lib/ldap2, or whatever directory you specified within your new database definition.

Don’t forget that you must specify indexes, time and size limits for each database defined, even if these will be the same as those already set for previous databases.
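As an added example (not part of the original post), the shell function below lints a slapd.conf that defines several databases for the points made above: a suffix or directory reused by a later database, a database with no index directive, and a rootpw kept in cleartext rather than as a slappasswd hash. The function name, the finding labels and the sample config are constructed for illustration, and continuation lines are not handled.

```shell
#!/bin/sh
# Added example: finding labels (NO_INDEX etc.) are this script's own names.
lint_slapd_conf() {
    awk '
    function end_db() {                      # report per-database findings
        if (!in_db) return
        if (!has_index) print "NO_INDEX " suffix
        if (rootpw != "" && substr(rootpw, 1, 1) != "{") print "PLAINTEXT_ROOTPW " suffix
    }
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        key = tolower($1); val = $0          # val = rest of line, unquoted
        sub(/^[ \t]*[^ \t]+[ \t]*/, "", val); sub(/[ \t]+$/, "", val); gsub(/"/, "", val)
    }
    key == "database" { end_db(); in_db = 1; has_index = 0; rootpw = ""; suffix = "(no suffix)"; next }
    !in_db { next }                          # global section, before any database
    key == "suffix" { suffix = val; if (seen_suffix[tolower(val)]++) print "DUPLICATE_SUFFIX " val }
    key == "directory" { if (seen_dir[val]++) print "SHARED_DIRECTORY " val }
    key == "index" { has_index = 1 }
    key == "rootpw" { rootpw = val }
    END { end_db() }
    ' "$1"
}

# Constructed sample: the second database reuses the first data directory,
# has no index line and keeps its rootpw in cleartext.
sample_conf() {
    cat <<'EOF'
database  bdb
suffix    "dc=example,dc=com"
rootdn    "cn=Manager,dc=example,dc=com"
rootpw    {SSHA}constructedPlaceholderHash
directory /var/lib/ldap
index     objectClass eq

database  bdb
suffix    "dc=sample,dc=org"
rootdn    "cn=Manager,dc=sample,dc=org"
rootpw    secret
directory /var/lib/ldap
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp" && lint_slapd_conf "$tmp"; rm -f "$tmp"
```

Run it against the real file with `lint_slapd_conf /etc/openldap/slapd.conf` before restarting slapd; no output means none of the four conditions was found.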

Also, when you combine two or more databases in the same slapd.conf, operations from both will get logged together. If you want separate logs you’ll need to set up a second slapd.conf and invoke slapd a second time with this new slapd.conf as the config file. Something like this:

```
slapd -n slapd2 -l LOCAL6 -f /etc/openldap/slapd2.conf -h ldap://:10389/ -u ldap -g ldap
```

In the above line I’ve set a different syslog facility for my log (and defined it in syslog.conf to write to a different log file than my main slapd, which is running on LOCAL4). I’m also starting it up on a different port (10389).

Copyright 2004-2019 Phil Lembo