20090319 configuring openldap over ldap - plembo/onemoretech GitHub Wiki

title: Configuring OpenLDAP over LDAP
link: https://onemoretech.wordpress.com/2009/03/19/configuring-openldap-over-ldap/
author: lembobro
description:
post_id: 355
created: 2009/03/19 17:37:55
created_gmt: 2009/03/19 17:37:55
comment_status: open
post_name: configuring-openldap-over-ldap
status: publish
post_type: post

Configuring OpenLDAP over LDAP

For some time now OpenLDAP has been able to configure the server over LDAP, using the cn=config node. This replaces the slapd.conf file that most are familiar with. While Red Hat continues to ship the slapd server with a slapd.conf file, Ubuntu 8.10 ships OpenLDAP 2.4.11 with cn=config enabled. If you install the slapd package under Ubuntu, you’ll be asked a number of questions that will determine the basic configuration.

Although learning how to get things done in cn=config takes some effort, this configuration mechanism has one overarching advantage for those who use OpenLDAP in a production environment:

Most changes can be made while the server is running and, other than database indexing, take effect immediately. That means no disruptive recycling of the server for “minor” changes like limits on entries returned and access control directives.
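The two “minor” changes named above, made against a running slapd, as an added example that is not from the original post. The database DN, bind DN, ldapi:/// listener, size limit and ACL rules are all assumptions for illustration; substitute the values from your own cn=config tree.

```shell
#!/bin/sh
# Added example: change a search size limit and the ACLs of a running slapd
# through cn=config. All DNs and values below are assumptions for illustration.
CONFIG_DB_DN='olcDatabase={1}hdb,cn=config'  # assumed; list yours: ldapsearch -b cn=config dn
BIND_DN='cn=admin,cn=config'                 # assumed cn=config administrator
URI='ldapi:///'                              # local socket, keeps the bind off the network

# Print the LDIF for one modify operation. $1 = max entries returned per search.
# Note: "replace: olcAccess" discards every ACL rule already on that database.
build_config_ldif() {
    case $1 in
        ''|*[!0-9]*) echo "size limit must be a whole number" >&2; return 1 ;;
    esac
    cat <<EOF
dn: $CONFIG_DB_DN
changetype: modify
replace: olcSizeLimit
olcSizeLimit: $1
-
replace: olcAccess
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
olcAccess: {1}to * by users read by * none
EOF
}

# Apply the change, then read both attributes back to confirm what slapd now enforces.
apply_config_ldif() {
    ldif=$(build_config_ldif "$1") || return 1
    printf '%s\n' "$ldif" | ldapmodify -x -H "$URI" -D "$BIND_DN" -W || return 1
    ldapsearch -x -LLL -H "$URI" -D "$BIND_DN" -W \
        -b "$CONFIG_DB_DN" -s base olcSizeLimit olcAccess
}

# Default is a dry run that only prints the LDIF; pass --apply to send it.
if [ "${1:-}" = "--apply" ]; then
    apply_config_ldif "${2:-200}"
else
    build_config_ldif "${1:-200}"
fi
```

Because the new rules are enforced as soon as the modify succeeds, review the dry-run output before using `--apply`, and keep write access to cn=config limited to the configuration administrator.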

The Ubuntu Server Guide has a good chapter on configuring the OpenLDAP Server through cn=config, and I highly recommend it as a starting point for anyone like me who is new to this way of doing things. Another resource to consult is the latest OpenLDAP Admin Guide, specifically the chapter on Configuring slapd. If using the latter, keep in mind that the file system paths described therein may be different from the way they are on some systems (e.g. Ubuntu and Red Hat heavily customize these paths for their own purposes).

So far I’ve been using the default arrangement set up by the Ubuntu package. In later articles I’ll describe how to do the usual kinds of enhancements: indexing attributes, customizing the schema, enabling for LDAPS (LDAP over SSL), and creating access controls.

Copyright 2004-2019 Phil Lembo