20070904 openldap with old style root dn - plembo/onemoretech GitHub Wiki

title: openldap with old-style root dn
link: https://onemoretech.wordpress.com/2007/09/04/openldap-with-old-style-root-dn/
author: lembobro
description:
post_id: 646
created: 2007/09/04 13:46:00
created_gmt: 2007/09/04 13:46:00
comment_status: open
post_name: openldap-with-old-style-root-dn
status: publish
post_type: post

openldap with old-style root dn

I needed to do this during testing of an OpenLDAP proxy, and since examples were so difficult to find, thought I’d post it here.

To make this work your slapd.conf must have an include line for the core.schema (in addition to any others you might need for user entries, like cosine, inetorgperson and nis schemas).

In slapd.conf, under your database line (e.g. database bdb), you need to put a suffix directive like:

    database bdb
    suffix "o=Example,c=US"

Then when you create your db load file for slapadd to create the database, make sure you include the entry for your root dn (the suffix above) at the top:

    dn: o=Example,c=US
    objectclass: top
    objectclass: organization
    o: Example

Notice that there is no ‘c’ attribute or value in the body of the entry. Under the “standard” organization schema (contained in core.schema) countryName or ‘c’ is not an allowed attribute. The attribute may be used in a distinguished name, however. DN values are not subject to the schema in the same ways as other attributes within an entry.
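The schema point above, as an added Python example that is not part of the original post and is not OpenLDAP's own validation code: it checks a suffix entry against the organization object class from core.schema and shows that adding a 'c' value to the entry body is what breaks it. It assumes simple LDIF (no base64 values, line folding or escaped commas in the DN); the function and constant names are made up for this example.

```python
# Added example: a simplified schema check, not slapd's own validation logic.
# MUST/MAY attributes of 'organization' as defined in core.schema (RFC 4519).
ORG_MUST = {"o"}
ORG_MAY = {
    "userpassword", "searchguide", "seealso", "businesscategory", "x121address",
    "registeredaddress", "destinationindicator", "preferreddeliverymethod",
    "telexnumber", "teletexterminalidentifier", "telephonenumber",
    "internationalisdnnumber", "facsimiletelephonenumber", "street",
    "postofficebox", "postalcode", "postaladdress",
    "physicaldeliveryofficename", "st", "l", "description",
}
ALLOWED = ORG_MUST | ORG_MAY | {"objectclass"}  # objectClass comes from 'top'

# Constructed sample entries: the page's load file, and the same with a 'c' value.
GOOD = "dn: o=Example,c=US\nobjectclass: top\nobjectclass: organization\no: Example\n"
BAD = GOOD + "c: US\n"


def parse_ldif_entry(text):
    """Parse one simple LDIF entry into (dn, {lowercased attribute: [values]})."""
    dn, attrs = None, {}
    for line in text.strip().splitlines():
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return dn, attrs


def check_suffix_entry(text, suffix):
    """Return the list of schema problems found in a suffix entry (empty if none)."""
    dn, attrs = parse_ldif_entry(text)
    if dn is None or dn.lower() != suffix.lower():
        return ["dn does not match suffix"]
    problems = []
    if "organization" not in {v.lower() for v in attrs.get("objectclass", [])}:
        problems.append("missing objectclass organization")
    # Only the leftmost RDN (o=Example) has to appear as a value in the entry;
    # the c=US component of the DN is never checked against the object class.
    rdn_attr, _, rdn_value = (p.strip().lower() for p in dn.split(",")[0].partition("="))
    if rdn_value not in [v.lower() for v in attrs.get(rdn_attr, [])]:
        problems.append(f"naming attribute {rdn_attr} not in entry")
    problems += [f"attribute {n} not allowed by organization" for n in attrs if n not in ALLOWED]
    problems += [f"required attribute {n} missing" for n in sorted(ORG_MUST - set(attrs))]
    return problems
```

Running `check_suffix_entry(GOOD, "o=Example,c=US")` returns an empty list, while the `BAD` entry is flagged only for the 'c' attribute in its body.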

Copyright 2004-2019 Phil Lembo